Apple holds the master key when it comes to iCloud security, privacy

Sphynx · Apr 3, 2012

Well seeing as Apple retains your encryption keys & Microsoft can use their permissions to access any stored data on SkyDrive, i've taken to using a great little product called Wuala (much like spideroak - the keys are stored locally on your machine). You can even look around for free promo codes that have resulted in me now having in excess of 12GB free storage.

You're welcome.

Sphynx · Apr 3, 2012

Stubabe":pmyxi1c4 said:
What the hell is the point of syncing data for backup and distribution if you keep the decryption keys on one machine? Same for the PKI suggestion in the article: no private key = no access so you now need to sync that to your other "devices" and where do you back that up anyway?
The only thing that works well is password based encryption on the client, but people are v. bad at generating secure passwords so we need lots of key hardening (e.g. with PBKDF2) which is slow on the gutless CPUs you find in smartphones. Of course, you can use a memory hard KDF instead but the only one I have seen for public release is scrypt, but personally I felt they took too many liberties with the Salsa20 core to trust it...

Admittedly that is somewhat of an Achilles heel. I.e. it's why Spideroak & Wuala mobile apps currently (as far as I know) only allow to view your data. Although I think Wuala was working on improving this situation. Personally it's a non-issue for me as I only use these systems when i'm working on a PC with the native client installed. Although with Wuala, it can set up a pseudo-drive that you can use via drag and drop in windows explorer if you want.

Search

Search

Apple holds the master key when it comes to iCloud security, privacy

Sphynx

Ars Tribunus Militum

More options

Sphynx

Ars Tribunus Militum

More options