Lockbox Aims To NSA-Proof the Cloud

Daniel_Stuckey writes "Lockbox, a tech startup founded in 2008, just received $2.5 million in seed funding for its end-to-end encryption cloud service, Client Portal. So, how does end-to-end cloud encryption work? Lockbox encrypts and compresses files before they are uploaded to the cloud. Only a person in possession of the corresponding key can unlock, or decrypt, the files. This means that the NSA, malicious hackers, business competitors, and even crazy girlfriends and boyfriends won't be be able to peer into users' most sensitive and private files."

I like the idea

[bondsbw]

But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

Re:I like the idea

[Garridan]

Yup. It's only secure as your OS, and the NSA pwns that. Always airgap your private key, or it's theirs.

Re:I like the idea

[JWSmythe]

A friend of mine offered that kind of service quite a few years ago.

It was a backup service. The user had the key. It was encrypted on the user's site, and only encrypted data sent up to the server.

It's not novel. It's a slashvertisment. {sigh}

Re:I like the idea

[mysidia]

It would defeat the point. You can probably safely assume they are not sending them right now.

The problem is: in the future, when more than 2 people start using their service --- the chance gets higher and higher over time, that NSA agents will descend upon them, and provide a legal order requiring they insert backdoors into their service, or protocol, or otherwise: provide the NSA with the resources required to get at the content, AND requiring they tell nobody.

In other words : No US-based cloud service can really fight the NSA; unless they are prepared to shutter the service and go to jail for the cause, which is not likely.

An overseas service is even better for the NSA getting a better chance at capturing the data -- because the things that are legal for them to do expand; gathering intelligence on overseas communications falls within their government mandate; and the techniques they employ could espionage, infiltration into the organization providing the service; and include compromise of computer systems and implanting malware bugs.

Re:I like the idea

[0111+1110]

I don't think an overseas service is better for the NSA. They don't have to even pretend to have ethical or legal constraints, but they are limited by international politics. They are stuck asking for cooperation. Or trying to bribe the right people. Within the US they have the full force of the US government behind them and can simply put uncooperative people in jail.

Nevertheless things have reached a point where you might get idealogically motivated people starting anti-NSA encryption systems and there isn't much the NSA can do against someone willing to risk prison or flee the country or shut down their entire company rather than deal with the devil. The NSA and the government in general are used to dealing with people who are easily controlled with nothing more than money.

But, yeah, the NSA can at least shut down pretty much any US based centralized system intended to fight them. Outside of North America and Western Europe it's a different story though. They don't have any legal power to shut down anything over there.

Re:I like the idea

[icebike]

That's not Exactly true.

If a service provides an open source encryption routine, and also, perhaps, but not necessarily required, an open source transfer routine for the already encrypted files, you could air gap the encryption task from the transfer task, and even with a court order and a shot gun to their head, the company couldn't give you data away.

Spideroak has promised to open source their client for exactly this reason. So far they haven't delivered.

Re:I like the idea

[toQDuj]

Yes, most of the online backup services offer this. Crashplan does the same. I have the keys, they don't.

Re:I like the idea

[Jane+Q.+Public]

"Nevertheless things have reached a point where you might get idealogically motivated people starting anti-NSA encryption systems and there isn't much the NSA can do against someone willing to risk prison or flee the country or shut down their entire company rather than deal with the devil. The NSA and the government in general are used to dealing with people who are easily controlled with nothing more than money."

"Might get"???

Haven't you been reading the news?

Re:I like the idea

[mysidia]

you could air gap the encryption task from the transfer task, and even with a court order and a shot gun to their head, the company couldn't give you data away.

The order could say to covertly insert a backdoor of the NSA's choosing in the "open source" client; or provide the NSA operatives root access to the server that distributes the client binaries, and the keys to push out a new release of the software.

Someone maintains the code that the users are using. And the maintainers could very easily be subject to a gag order; to not discuss the covert backdoor, even if it's visible in the open source code ----- it doesn't have to be, though: most people will just download the project's (NSA-patched) binary builds of the release.

Re:I like the idea

[Zemran]

If you go outside of North America and Western Europe, the NSA have big wallets and a bribe is more likely to work. You may think that somewhere like Venezuela hates the US enough to allow a business like this but I guarantee that the average sys admin in Venezuela could be bought for a few hundred. I would opt for a European country with more a sensible legal system like Switzerland. It will take years for the NSA to get in and the fight would be public. I know that they got into the banks but we all knew about it long before they got there. There are still other option with more effective privacy options and zero corruption but outside of Europe you know they are easily bought.

Re:I like the idea

[VortexCortex]

But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

It's pointless anyway against the NSA. Seriously. Every single modern operating system (including on routers) has tons of unpatched exploit vectors. There's even a black market for them. The NSA can just infect your machines and ex-filtrate your data and/or the encryption keys... See the previous story:

[NSA] Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.

Hell we have multiple celebrations of insecurity every year called "computer security conferences" where without fail new systems are compromised. How can you even look at stuff like Pwn 2 Own, and not have your brain melting in cognitive dissonance as you try to believe there are network attached scenarios where your data is safe from the NSA?

You want your data kept secret? Use whole drive encryption on machines that are never connected to any networks -- And even then there's the Ken Thompson Microcode Hack, so your systems could be theoretically pre-hacked from the factory... I won't buy a CPU that has remote cellular capabilities... Like Intel's Sandy Bridge. Laughed my ass off when I heard about that! "Security Feature" indeed. At least if the machine can't get on the networks there's a much lower chance of your data escaping if it's pre-hacked.

I don't know of any hacker worth their salt -- black, gray or white hat -- that doesn't have a directory of unpatched zero day exploits.
I keep mine in: ~/with/great/power/comes/great/responsibility/
Me having to navigate the directory structure has saved many a newb... The NSA has no such sensibilities.
If the data's encrypted, they assume it could be from a foreigner, and thus give themselves license to get at it, and they can.
This is what happens when you let Threat Narrative run amok.

Re:I like the idea

[vux984]

In other words : No US-based cloud service can really fight the NSA;

The key to fighting the NSA is to provide a completely transparent API.

And then rely on 3rd parties to deliver software that uses the API.

Even if the NSA knows that I have account with the cloud service, they don't know what client I use, (and even if i do, the client is on my equipment not "service based" there is no easy target to send a gag order too.

Essentially, dropbox, skydrive etc are all perfectly suitable cloud services.

What we need is them to do isopen them up wide open to 3rd party client development.

Re:I like the idea

[Andtalath]

Tpb was raided due to a threat from USA regarding an embargo towards Sweden.

So, well, if bloody Hollywood can put that type of pressure on a country, I believe a branch of the government can as well.

Re:I like the idea

[VortexCortex]

Hehe, oh... I mean, the company is named "Intel" FFS, haha ha!

Re:I like the idea

Tarsnap should also be mentioned in this context. It's a business started by Colin Percival, noted cryptographer and BSD developer. The client is 100% open source and runs on your machine. When Colin developed Tarsnap he found existing key derivation functions lacking, so he developed his own memory hard scrypt, which has found wide applications in other areas.

The major problem with "encrypted cloud" solutions is that encryption severely limits what can be done in the cloud. You can basically do encrypted file storage. You can't run virus or spam filters on your data, you can't index it and search it etc. So all the useful features we have in a Gmail session need to awkwardly and inefficiently be re-implemented on the client side.

The providers have very little incentive to do this and transform ad supported free services into paid ones (since data mining no longer works, ad revenue drops dramatically). While I would love encrypted email for everyone, it just won't happen for economic reasons. The NSA affair will be quickly forgotten and people will return to business as usual.

Re:I like the idea

[icebike]

When someone is buying a security product, and buying one that specifically bills itself as open source you can bet there will be many many sets of eyes on the code. It only takes one person to spot something like that, and you would be able to add your own layer of encryption on top of what was already in the open source.

So, no, open source is not as easy to beat as you suggest.

Re:I like the idea

[TheRaven64]

Full homomorphic encryption is really hard. Homomorphic encryption allows you to encrypt your data, do some computation on the result, and then perform some operation on the output to get the same result as doing the operation on the unencrypted data. Current solutions are at least a factor of 1000 slower than doing it on unencrypted data, but that's only for general case. There are ways of encrypting data that preserve certain properties so you can, for example, perform simple database operations on it in the encrypted form and only interpret the results if you hold the keys. The down side of these approaches is that they increase the size (effectively doubling it for every primitive operation that you want to support), but with storage becoming cheap they may become interesting...

Re:I like the idea

[TheRaven64]

It's harder to covertly insert a backdoor into an open source client because people can watch the changes. It's much easier to insert it before it's open sourced, because then people have to review the entire code drop at once. That said, adding a back door into OpenSSL would be comparatively easy because no one understands the convoluted twisty maze of code paths in it.

Re: I like the idea

It's not quite accurate to call Tarsnap "open source". While all of the source code is publicly available (in fact, the client is _only_ available in source form) the license forbids using it for any purpose other than connecting to Tarsnap's service.

That said, Tarsnap is still awesome, well priced, and just works.

Re: I like the idea

[Architect_sasyr]

Open Source - "where the source code is freely available". Different from "Free Open Source" - which includes definition of license.

Re:I like the idea

if bloody Hollywood can put that type of pressure on a country, I believe a branch of the government can as well.

Hollywood is a branch of the US government!

Re:I like the idea

if bloody Hollywood can put that type of pressure on a country, I believe a branch of the government can as well.

Hollywood is a branch of the US government!

On the contrary: the US government is a branch of Hollywood.

Re:I like the idea

[Joce640k]

What's to stop me encrypting my files then putting them on normal dropbox?

Re:I like the idea

[Nikker]

Compressed cypher text should be quite easy to crack shouldn't it?

Most compression algorithms use a dictionary, if you knew approximately the dictionary was in the data stream it should make it fairly easy to guess the key wouldn't it?

Compressed English for example would have many similar dictionaries amongst most digests. Knowing the most common dictionary entries statically analyzing the cypher text would result in a clear text digest which in turn would be trivial to reveal the message.

Of course I welcome any insight from anyone more knowledgeable since I am not well versed in cryptography.

Re:I like the idea

NSA rootkit in your OS capturing your key. For the truly ultra-paranoid conspiracy theorists of you.

Re:I like the idea

[Alef]

It's pointless anyway against the NSA. Seriously. Every single modern operating system (including on routers) has tons of unpatched exploit vectors. There's even a black market for them. The NSA can just infect your machines and ex-filtrate your data and/or the encryption keys...

If you are individually targeted by the NSA, then yes, you probably don't stand much of a chance. But they couldn't use that kind of attack vector en masse without it being discovered fairly quickly, so it still helps against dragnet fishing.

Re:I like the idea

[Shemmie]

Another service offering:

SpiderOak uses AES256 in CFB mode and HMAC-SHA256. SpiderOak uses a nested series of key scopes: a new key for each folder, version of a file, and the individual data blocks that versions of files are composed from. Having keys with such limited scope allows for selective sharing of chosen portions of your data while keeping the remainder private.

        Most importantly, however, the keys are never stored plaintext on the SpiderOak server. They are encrypted with 256 bit AES, using a key created from your password by the key derivation/strengthening algorithm PBKDF2 (using sha256), with a minimum of 16384 rounds, and 32 bytes of random data ("salt"). This approach prevents brute force and pre-computation or database attacks against the key. This means that a user who knows her password can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is unreadable.

        SpiderOak accounts also include a 3072 bit public/private RSA key pair. This is currently not used for anything, but is included with all accounts with the expectation that SpiderOak will add multi-user private collaborative and sharing features which would necessitate the use of the the public/private keys.

https://spideroak.com/ .

Re:I like the idea

[rvw]

But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

I use Crashplan for online and local backup. They have two options for encryption. The program itself can generate a key, which is shared with CP. When you lose the key, they can get it back, and your files are still save. You can create your own key, which is only saved locally on your computer. If you lose it, all backups are lost. I've thought about this many times, and there is no way of knowing that this key is being sent to CP, for me at least. And probably this key is never sent, but then there is no way of knowing that while synchronizing the backups, a (masked) command from CP is sent to my computer which asks for the key. Probably it would work that way, because it would mask the option a lot better.

Re:I like the idea

[Zimluura]

tinfoil hats used to be a fashion choice. now they're a necessity.

Re:I like the idea

[Dunbal]

For the truly ultra-paranoid conspiracy theorists of you.

No, the ultra-paranoid are thinking about the back doors built into hardware/firmware. Hacking into your network chip without it even reporting activity to you, and silently scanning your computer underneath the OS. Rootkits/backdoors in the OS itself are not only a possibility, they are likely - no matter how much Microsoft denies it. Certainly there is documentation claiming they can at least grab anything in your "Outlook". But once you're in - you're in.

Re:I like the idea

[rvw]

Yes, most of the online backup services offer this. Crashplan does the same. I have the keys, they don't.

I use CP as well, with a private key. How do you know that they haven't sent that private key to their servers? I don't, but I'm pretty sure they won't do this by default. If it comes out, it's not good for their business. But how about an obfuscated command that tells the local backup program to send the key to them? It would only be used rarely, so it won't be discovered quickly. Can you assure me that such an option does not exist? I can't.

Re:I like the idea

[Dunbal]

Drop "US-based", because the US government has already made use of foreign police (Sweden illegal server raids, New Zealand illegal server raids, extradition of "hackers" from the UK, etc) to shut down foreign sites claimed to be violating US laws. Perhaps it's better to say "No cloud service in a US friendly country can really fight the NSA". So you can always go for storing your data in an UNfriendly country. But since they're unfriendly what makes you think your data would be safer there? Quite the conundrum.

Re:I like the idea

[Joce640k]

NSA rootkit in your OS capturing your key. For the truly ultra-paranoid conspiracy theorists of you.

Yes, but what's the advantage of this new one? Surely the NSA will target it specifically, where I could be using any type of command-line encryptor.

Re:I like the idea

[drinkypoo]

In other words : No US-based cloud service can really fight the NSA; unless they are prepared to shutter the service and go to jail for the cause, which is not likely.

Seems like a dandy way to make enough money to leave the USA, though. Start cloud service, collect money, put it in offshore banking like all the actual criminals in government. Eventually the NSA serves you an order, you leave the country and then shutter the service and publish the order, spending your days drinking Mai Tais in a non-extradition country.

Re:I like the idea

[BitcoinBenny]

I think I have some insight into this as I have an end to end encrypted cloud service called coinlock.com My slashvertisement on the subject was ignored though ;) millions in funding tends to get people noticed.

Anyway on this particular subject I think you have hit the nail on the head. The key to long term security is to completely open up the API and separate the client side components so that third parties can use te service with their own sotware or with the software that you have provided them directly on their local computer.

This is easier said than done for most services, but its something that I am striving towards and intend to do a full client auditable release as well as publish the public facing api. This idea that people can move their services outside of the country and it matters I think is very flawed. U.S. companies are subject to the law regardless of where they do their hosting, and the managment team is the weakest link in the security chain. This is something that is best solved by transparency.

Re:I like the idea

[Zontar+The+Mindless]

Thank goodness most of those chips are made in China!

Re:I like the idea

[Electricity+Likes+Me]

Properly implemented encryption isn't easily breakable and there's only a few types of usable ciphers out there. Of course this sounds custom and probably proprietary, so in fact there's no reason to trust that at all.

Re:I like the idea

[Impy+the+Impiuos+Imp]

Presumably Lockbox deletes your half of the key when you sign up. (And burns their key storage HDD freed space?)

The NSA would have to demand unused keys beforehand, not knowing who might use them i.e. completely without warrant, which I think is a whole new ballgame they aren't engaged in yet (officially or legally anyway).

Re:I like the idea

[fastest+fascist]

Even if you don't think the devs have put a backdoor in yet, can you be sure they won't comply with a secret order to insert one into their system?

Re:I like the idea

[znrt]

You can basically do encrypted file storage.

cool, because that's everything i would ever want do in the cloud.

all the useful features we have in a Gmail session need to awkwardly and inefficiently be re-implemented on the client side.

i'm lost. what features? and what's wrong with client side implementation of them?

Re:I like the idea

The Spanish Inquisition?

No one expects them.

Re:I like the idea

[dlingman]

Having actually done tests on tinfoil hats, we came to the conclusion that tinfoil just doesn't work. Steel wool does though. Maybe you can use the tinfoil to wrap the steel wool to contain it so it's less scratchy.

(and yes, this was real - we needed to determine behavior of a device as it slowly lost it's incoming signal - wrapping in steel wool worked great for this.)

Re:I like the idea

[Luckyo]

You misunderstand. Hollywood is the propaganda arm of US government. As a result, while it does enjoy significant protection of US government as to enable it to perform its task (financially self-sustainable domestic and international propaganda), it most certainly does not command US government beyond its ability to influence the puppets, otherwise known as politicians in the same way that other similar agencies can influence the same puppets.

It still has to combat all the other agencies, and in that game agencies like NSA and CIA hold much stronger cards as they have blackmail material on everyone, as well as ability to simply remove people they do not want.

Re:I like the idea

[znrt]

have modpoints, but can't find the "Wishful thinking" tag.

Re:I like the idea

[rvw]

I said I'm pretty sure they are not sending the keys over to their servers right now, by default. It could very well be that a backdoor like that is already in place. I know it, and still I use it. I don't have a better alternative yet, affordable I mean, but I'm thinking about it. With all news about Snowden, PRISM etc, Wikileaks in the past, I still think that if they go after me, they will succeed. There is no good alternative and I don't have the knowledge to counter them with reasonable success, so for the moment I'm sticking with Crashplan.

Re:I like the idea

[BitZtream]

Except what happens is it is open source ... and everyone uses pre-compiled binaries ... which could easily have a backdoor added to them.

Just being open source doesn't provide you with any benefit if you don't know what to do with it or choose not to bother.

Re:I like the idea

[icebike]

True, but you wouldn't even need ssl with client side encryption.

Much of the problem with encryption is that everyone relies on libraries, (due, to the same reasons that cause panic attacks on slashdot has when anyone mentions "rolling their own").

Reliance on Microsoft Crypto binaries, which are already backdoored by the NSA) would have to be a no-no in any Open Sourced client. That would make the code a bit more complex. Other than that the encryption routines themselves would not have to be all that complex, and with third party eyes on it it could come to be trusted.

This whole line of argument is that the NSA could force the insertion of something into software.
I'm not sure there is a legal precedent for that, and some people would rais a stink or simply shut down the whole business, signaling to the world what had happened.

Re:I like the idea

[icebike]

It only takes one set of eyes, and one post to Slashdot.

Re:I like the idea

[santosh.k83]

If NSA or some agency had got its hands at the hardware level, engineers and admins would've noticed it by now, just like Stuxnet was noticed. A malware that's completely invisible would also likely be a useless malware, and the moment there are effects to be observed, close testing ought to reveal it. What we need is cooperative internationally monitored agency for testing and auditing hardware, much like the standards bodies but much more in detail. If it's international, one country's engineers won't hesitate to reveal the dark designs of another country. Yes they can bought off but not all, not everywhere. As for using Microsoft, well for security a fully open source bootstrapped software stack is a minimum these days. Closed source software is just too easy to infiltrate by governments. Intimidating one company is easier than fooling all the eyes on the Internet!

Re:I like the idea

[mysidia]

Presumably Lockbox deletes your half of the key when you sign up. (And burns their key storage HDD freed space?)

Nevertheless; your half of the key has to reside on your computer for you to consume the material, and it is probably a simple matter for a little bit of malicious code on the client side to upload your half of the key. All the NSA has to do is covertly cause or require that little bit of malicious code to be inserted.

Re:I like the idea

[mysidia]

If it were my choice, there wouldn't be any. The installer pulls down a well-known compiler (say a specific version of gcc) from a server known to publish it and source code from our source code server, builds it, and installs that.

Ah, but if the NSA tampers with the binary, the installer covertly puts down something else as well; as in it puts down the compiler, downloads the source, compiles it, and then as the last step before linking: quickly applies a binary patch to a .O file, and then links them, forming the executable.

As long as there is binary code executing that was downloaded, even an installer; you never know for sure.

And yeah.... altering a compiler works just as well as altering a program -- because a compiler can be altered to emit a patch

Re:I like the idea

[mysidia]

. The key to long term security is to completely open up the API and separate the client side components so that third parties can use te service with their own sotware or with the software that you have provided them directly on their local computer.

There is a reason that real cloud companies might like to never do this.

What happened when Amazon published EC2 APIs without constraints? Someone built Eucalyptus.

If the APIs are opened and open source investments in clients allowed; this sacrifices a potential moat that the cloud provider could otherwise build around their company. It assists competitors; by allowing the competitors to just spin their own backend implementation of what is now an open protocol.

It may also be setting free what otherwise may be perceived as valuable intellectual property --- the sync client protocols.

I assume, for example that would be why Dropbox and BitTorrent Sync client are closed protocols: to discourage competition

Re:I like the idea

[Zontar+The+Mindless]

Unlike the previous comment I made that got a "Funny" mod, this one was actually intended as humorous.

Re:I like the idea

[Joce640k]

If they have backdoors into the OS (or can get a virus onto your machine) then automatically sniffing the password for known pieces of software is easy - you know where it's stored, which .dll files to hook into, etc.

It would be much harder to automatically sniff the password for something I cobbled together with a batch file. Yes, it's "security by obscurity" but even that has *some* value.

Re:I like the idea

[LWATCDR]

"I would opt for a European country with more a sensible legal system like Switzerland" because Switzerland never cooperates with governments for money. And this is what happens when people do not know history....

Re:I like the idea

That's a lot of nice buzzwords that are thrown out there. But they're closed source and in the USA, so it all comes down to "Trust us." Do you? Why?

Re:I like the idea

[cavreader]

It would probably be wise to find out exactly where their 2.5 million seed money came from. However, now is the perfect time to invest in businesses trying to offer services that will keep your e-mail safe from government intrusion. It doesn't really matter if they can actually deliver the level of security they are advertising. Just by leveraging the publics bloated paranoia you can start making some real money. The first anti-virus tools where in response to the first widely published piece of malware and look at the number of companies milking that cash cow. Companies are making money hand over fist even though there is not a single anti-virus tool on the market today that can promise 100% protection.

Re:I like the idea

[ThatAblaze]

How about this idea: Put your source code and revision history in a closed source repo. If/when the NSA sends you a gag order that includes the provision that you can't talk about it just move to the open source model. That way other people who are not under a gag order can look through your code and do your talking for you.

It looks like with all these different sources for encrypted storage and encrypted email coming up we can basically play wack-a-mole with them until the courts finally acknowledge that people still do care about privacy. I have an encrypted cloud storage solution for my personal use, at least a dozen other solutions are in active development. I say the more the merrier. There comes a point where there are just too many small providers to even try to issue gag orders any more.

Re:I like the idea

[ThatAblaze]

If you are individually targeted by the NSA, then yes, you probably don't stand much of a chance. But they couldn't use that kind of attack vector en masse without it being discovered fairly quickly, so it still helps against dragnet fishing.

They are discovered. A talk will come out at a hacker convention exposing the latest backdoor, and the 0.1% that are actually at that convention will find a way to block that technology. The problem is that before about 3 months ago information about discovered backdoors had a very small audience and was not searchable. Now it has a larger audience, even though it's still not searchable.. so we're making baby steps.

Re:I like the idea

[ThatAblaze]

Compressed cypher text should be quite easy to crack shouldn't it? Most compression algorithms use a dictionary..

Of course I welcome any insight from anyone more knowledgeable since I am not well versed in cryptography.

Compression algorithms are easy to "crack", the algorithm to uncompress is known but that algorithm is very different for encryption algorithms. Compressing an encrypted file does not break the encryption in any way (however it also fails to reduce the file size, so what's the point really?) First compressing and then encrypting can make the file more secure, since brute force encryption cracking scans the file for text most of the time, and compression eliminates most of that text. However, if an attacker knows that your file is compressed and then encrypted they can just brute force against the compression headers and you've gained nothing.

Compression does not compromise your encryption in any way though. It's just a different layer with a different purpose.

Re:I like the idea

[RespekMyAthorati]

How about having a separate computer, not on the internet, that does the encryption?

Re:I like the idea

[RespekMyAthorati]

If Scientology can scare /. into submission (Scientology v.s. Slashdot), the NSA sure as hell can.

Re:I like the idea

[heteromonomer]

Very interesting. To a non-computer science person like me, this is actually mind blowing. Could you provide some (1-2) nice references for this? (Yeah I know, I could Google, but it has been my experience that when I am looking for scientific literature, Google is not comparable to a person in the field). Thanks.

Re:I like the idea

[fast+turtle]

By using an open API, there's absolutely no reason for you to develop/expend resources for encryption other then SSL/SSH. That means the quality of the encryption used by the client is now the problem and once a client becomes large enough to be annoying, the NSA swoops in and either shuts them down or compromises them.

Re:I like the idea

[trawg]

Just because you mentioned Switzerland, Wuala is a Swiss secure storage mob. Servers in Switzerland, Germany and France. Good focus on client-side encryption.

Re:I like the idea

[gottabeme]

I'm also using CrashPlan because, despite being Java and closed-source, it works very well and is a bargain.

The best alternatives include using generic storage services (like rsync.net or VPS hosting) and software like Duplicity, Obnam, or encfs+sshfs+whatever-backup-software-you-want. The problem with these is that the price per GB is much higher than with CrashPlan. And while encfs on top of sshfs works, it's pretty slow and probably unsuitable for more than a few hundred MB of data.

If you don't trust CrashPlan, you could use it to back up an encrypted filesystem, either an image (which would require constant block checksumming, but would work), or a file-based one like encfs or eCryptfs. Of course, it does run as root, so if you really don't trust it, you could run it on a separate system and share the encrypted data files over a network.

Or you could always use zip files and GPG and physical media. (And you probably should, even if you use online backup. Having an old physical backup saved me once, because deleted files don't appear on new backups.)

Re:I like the idea

[WaywardGeek]

Since that's an actual security precaution that could work, I suspect a paid shill with mod points will mod your comment down into oblivion, or at least post such drivel in response that no one wants to join in. I've been reading these security related posts on slashdot for years, and the pattern of ass holes making the conversation no fun when we might start collaborating on real security seems to be a highly repetitive pattern.

That extra computer could be a Raspberry Pi. For $35, it seems like a good investment to me.

Re: I like the idea

[Sean+Hederman]

What makes you think the network card would report the packets to the OS and then on to tcpdump?

Re:I like the idea

[TheRaven64]

True, but you wouldn't even need ssl with client side encryption.

You might like to look at what OpenSSL is actually used for. If you do any encryption, the odds are that you're using OpenSSL, or code derived from OpenSSL.

Re: I like the idea

[ameen.ross]

A separate box behind a level 1 switch with wireshark does the trick.

Re:I like the idea

[rvw]

I use CP to backup to a local machine, and I use this machine for other machines as well (family mostly). Then I use the online plan, plus Apple Timemachine for my laptop. As CP upload can take days or weeks to complete, I hope that at least one of them will work when needed. When you want to use an encrypted image, Apple has sparseimage, which is a collection of files, not one single file, for a disk image. I don't know if a similar system is available for windows or linux.

Re:I like the idea

[hmilz]

You may want to try Boxcryptor https://www.boxcryptor.com/

Re: I like the idea

[a_nonamiss]

SpiderOak uses AES256, which is closed-source and indirectly developed by the US Government, who may, or may not have their own key. So long as they're not the ones you want to protect your data from, you should be OK.

Re:I like the idea

[DuckDodgers]

SpiderOak open sources most (but not all) of their code and works like CrashPlan. CrashPlan charges per device, SpiderOak charges per 100GB of space. I prefer SpiderOak, your mileage may vary.

Re:I like the idea

[DuckDodgers]

You're misreading, I think. When you run the software, it hashes your file into named blocks using some one-way algorithm with your password, and encrypts the files using your password. It then sends the encrypted blocks to the server with the hashed names. Later if you want to request a file "abc.txt", it uses the same hash locally to determine the hashed name, and requests the hashed named blocks from the server. SpiderOak has no idea what you're requesting, if you pull down 50 blocks they don't know if it's the components of 3 different files, of 1 file, or of 50 files, and it doesn't know the decrypted file names.

You can go right to their website and login with your username and password to access your files. If you do that, they of course get your password in plain text and hash it to understand the data they have on their servers. But they explicitly recommend against ever doing this in their user documentation, for the same reasons you think it's a very bad idea.

Re:I like the idea

[DuckDodgers]

Usually the market leaders want to lock out the competition to maintain their position. But the upstarts want openness to encourage people to use the product instead of the market leaders.

Thus Twitter opened its API to third party app developers when it was small, but now that it's big they've slammed the door on everyone.

So DropBox and Bittorrent Sync won't open their protocols because they're the kings of cloud storage. But I bet there are dozens of lesser known cloud storage providers that do open their protocol or would if asked.

Re:I like the idea

[Barryke]

Which IMHO can cost more sweat than approaching this in bulk.
They'd narrow down the potential content types (notably by entropy) to get likely plain data chunks, and go from there using more encryption exploits, rainbow tables, and brute force. The bad thing about encryption is that its pretty predicable. A good solution starts with avoiding established standards.

Re:I like the idea

[hobarrera]

Ultraparanoid using an MS OS? OUTLOOK? LOL!

Re:I like the idea

[gottabeme]

I would like to use SpiderOak, especially if they open-source their entire client code. But CrashPlan's unlimited space makes it a nearly unbeatable deal. I like not having to worry about usage, and being able to dig up an old, accidentally-deleted file long after it's gone. Decisions, decisions...

Re: I like the idea

[Eivind]

AES256 is entirely public. Furthermore, that's an *algorithm* not a piece of software -- the algorithm has been *implemented* hundreds of times, by hundreds of independent organizations, some implementations are open source, some are closed.

Furthermore, AES256 says precicely *nothing* about how to create a key, what it DOES say is how, given plaintext and key, you create ciphertext, and how, given ciphertext and key, you create plaintext.

Your claim that government could "have their own key" is thus nonsensical -- you can, if you like, create your aes256-keys by tossing a coin.

Re:I like the idea

[Eivind]

That still only works if you trust the hardware and software of that computer. The problem is that if the software you used to encrypt stuff was backdoored, it could leak the key (or fractions thereof) in the ciphertext.

It could do this only sometimes, so no amount of analyzing the ciphertext could convince you that it's honest. Perhaps it only leaks the key if run on a friday the 13th. You simply don't know.

The leaked key, could itself be encrypted so that only the entity planting the backdoor is able to "open" it.

Re:I like the idea

[Eivind]

Perhaps. But it's hard to say. Let me construct a scenario, and tell me how you (or anyone!) would notice:

Some ciphers work on blocks of fixed size, and add padding to reach this length if message is shorter. (example: message must be n*16 bytes, if not, pad message with random bytes at the end, until it is.)

Let's say I've backdored a program implementing such a cipher. The backdoor is this: Instead of padding with random bytes, I do this:

1) Take as much of the secret key as will fit in the padding-space. (if 9 bytes of padding is needed, I take the first 9 bytes of the secret key)

2) I encrypt this (using a algorithm that can encrypt any-length messages) using a second hidden backdoor-key.

3) I swap the last n bytes of the ciphertext with this encrypted partial-key.

Result: Message-size is unchanged. Encryption and Decryption works as specified. n-last characters (the padding) looks like random noise, and is supposed to BE random. How do you notice ? How do you detect that the last n characters is really part of the key, encrypted, and NOT random noise ?

(To make this more fun: I left one big flaw in the scheme there IS a easy way to detect that this shit is going on -- but there's also a way to patch that flaw, I'll explain that in the next message if you find the flaw)

Obligatory 5 dollar wrench.

[JWSmythe]

http://xkcd.com/538/

Re:Obligatory 5 dollar wrench.

[DirePickle]

With the recent "revelations" (they're not), it would be obvious that xkcd was pretty far off the mark here. The NSA is engaging in a far-reaching fishing expedition that is not practical to conduct with wrenches.

Re:Obligatory 5 dollar wrench.

[jamesh]

With the recent "revelations" (they're not), it would be obvious that xkcd was pretty far off the mark here. The NSA is engaging in a far-reaching fishing expedition that is not practical to conduct with wrenches.

But on the other hand if their "far-reaching fishing expedition" doesn't give them the information they want, and they want it badly enough, a wrench always works.

Re:Obligatory 5 dollar wrench.

[MichaelSmith]

Even so, this service does not protect an individual against wrenches.

Re:Obligatory 5 dollar wrench.

[rvw]

With the recent "revelations" (they're not), it would be obvious that xkcd was pretty far off the mark here. The NSA is engaging in a far-reaching fishing expedition that is not practical to conduct with wrenches.

But on the other hand if their "far-reaching fishing expedition" doesn't give them the information they want, and they want it badly enough, a wrench always works.

Some people simply won't give in, even if you use that wrench on their loved ones.

Re:Obligatory 5 dollar wrench.

[rvw]

Even so, this service does not protect an individual against wrenches.

Indeed it doesn't, but a wrench is not guaranteed to work either.

Re:Obligatory 5 dollar wrench.

[jamesh]

With the recent "revelations" (they're not), it would be obvious that xkcd was pretty far off the mark here. The NSA is engaging in a far-reaching fishing expedition that is not practical to conduct with wrenches.

But on the other hand if their "far-reaching fishing expedition" doesn't give them the information they want, and they want it badly enough, a wrench always works.

Some people simply won't give in, even if you use that wrench on their loved ones.

Yes but that's the sort of person the NSA really is interested in. My secrets, i'd give up in a hearbeat in that situation.

Re:Obligatory 5 dollar wrench.

[jon3k]

1. Require a password and a private key file stored on computer to decrypt files (Two factor authentication)
2. Two sets of logins: One set of credentials is to your normal account, the other has a login/startup script that wipes the private key and DoD wipes the free space
3. When the NSA asks for your password, give them the wipe password

Congratulations, the NSA can beat you with a wrench all they want, it's not possible for you to give them the encryption key anymore.

Re:Obligatory 5 dollar wrench.

[Urkki]

Even so, this service does not protect an individual against wrenches.

Indeed it doesn't, but a wrench is not guaranteed to work either.

If the wrench does not work, you're holding it wrong.

Re:Obligatory 5 dollar wrench.

[rvw]

Even so, this service does not protect an individual against wrenches.

Indeed it doesn't, but a wrench is not guaranteed to work either.

If the wrench does not work, you're holding it wrong.

What I mean is that (1) the wrench could kill the person; or (2) the person could refuse to answer, no matter what force or method they use. Not many people can withstand that, but it certainly has been done before.

Re:Obligatory 5 dollar wrench.

[currently_awake]

I believe standard practice is for police to back up your hard drive before they start forensic stuff. So you give them a wipe password, then they go for the real one.

Re:Obligatory 5 dollar wrench.

[jon3k]

Ah good point. Ok, the key file to decrypt is stored on a remote server. If the restored copy of the hard drive cannot connect to that remote server, it cannot decrypt the stored information. The remote machine hosting the key file is accessible only via TOR. Have someone else setup the actual remote site so you only know it by it's TOR address. Again, two passwords but the wrong password wipes it on the remote side. This forces them to connect to TOR to attempt to decrypt and then they remotely wipe the key for you once you give them the tainted password, rendering the private key file unrecoverable.

Re:Obligatory 5 dollar wrench.

[JWSmythe]

So lets see... They thing you're a bad guy with something nefarious in encrypted cloud storage..

They ask for the password, you give the duress password.
They ask again for the password, since that one didn't return valid data..
They beat you for the password until you either give the real password, which you can't any more, or you're dead.

Official cause of death? You tripped.

In the end, the data is wiped, and you're a bloody pulp on the interrogation room floor. Regardless, the problem has been mitigated, and you saved them the trouble of destroying your nefarious something.

Was whatever you had worth hiding? Probably not. Not that I want agencies going through my personal stuff, but when the choice is being beaten down, and possibly killed, that duress password was the worst one to give up first.

Re:Obligatory 5 dollar wrench.

[ArsonSmith]

Not always: http://www.truecrypt.org/docs/plausible-deniability

Re:Obligatory 5 dollar wrench.

[bingoUV]

While I don't disagree with the central theme of your post, but

since that one didn't return valid data.

This is not the information they necessarily have. That is to say, they cannot necessarily make sure whether that decrypted data was "valid" or not.

The real reason why duress password is unlikely to work is - they read and possibly reverse-engineer the software into you are putting passwords. And can figure out it has an option of 2 (or more) passwords, and keep hitting you until you reveal all.

Re:Obligatory 5 dollar wrench.

[L4t3r4lu5]

Rule No. 1 of data forensics (criminal investigation, data recovery etc): NEVER work on live data. EVER.

Criminal forensics teams have special devices with no write access to the drive, so they couldn't wipe anything with your password anyway.

Re:Obligatory 5 dollar wrench.

[rastos1]

This is government we talk about. The wrench would likely to be $5234.99.

Dream on

[Damouze]

Whatever the encryption is, you can bet your bottom dollar bill that the NSA is at least two decades ahead of it.

Re:Dream on

[BlueStrat]

Whatever the encryption is, you can bet your bottom dollar bill that the NSA is at least two decades ahead of it.

That's why, if you want it really secure, you leverage their own security.

Hack an NSA/TLA network, and store your encrypted data right alongside of their data.

You could hide your data on Obama's Blackberry servers, or on Gen. Alexander's, Valerie Jarret's, or Clapper's machines.

For extra happy-fun-time, make sure to include some CP, bestiality, and snuff films in separate files/folders, and then out them publicly. Sauce for the gander. :)

The US government has by their own actions declared a de-facto no-rules, no-laws, screw-the-Constitution, all-out cyber-war...not only against every other government including supposed US "allies", but their own citizens as well. History teaches that the dues incurred for such hubris always get paid.

Strat

Wuala

[ruhrguide]

... exists. But as mentioned by bondsbw, you can't control wether it sends your keys to a third party.

Cloud

The summary contains the word "cloud". Next please.

If they want you

[nurb432]

They will just attach to your PC 'end point' and get their data before you encrypt.

There is no hiding at this point of the game. Well, really its been that way for a bit now, just most people who knew this were called tin-hatters and paranoid. Its nice to be vindicated, sometimes..

Re:If they want you

[AHuxley]

In the old days a gov would go after the coders, hardware makers, publishers or even create a 'trusted' front company.
The big telco and computer brands handed over clear text making life much more easy but old methods are still waiting for anyone.

Re:If they want you

[jon3k]

Explain to me how they attach to my "PC 'end point'" on my linux workstation.

Re:If they want you

[currently_awake]

A customized software update to your web browser should suffice. A NSA letter will get your ISP to re-route your updater to their site, and they are in.

Re:If they want you

[jon3k]

I only update my browser from the public repos which is signed using their private key.

Re:If they want you

[nurb432]

*rootkit* cough* rootkit*

They come in while you are away at work and install whatever they want on your hardware.

And?

[fustakrakich]

So what stops the feds from seizing your 'cloud' and locking it up in the impound?

Re:And?

[AHuxley]

Or a NSL to add in another server?

Great idea but...

[Zemran]

...based in California - cannot trust the security... ...UK - what is security? ...Australia - the FBI asked us nicely...

Re:Great idea but...

[munch117]

...based in California - cannot trust the security... ...UK - what is security? ...Australia - the FBI asked us nicely...

You have some fine words there, now you just need to put them in order to form a sentence :-)

They're actually Australian-based, according to this press release. Not that it helps much - with a strong US presence they are still vulnerable to national security letters.

Re:Great idea but...

[Figj]

The Lockbox technology comes out of Melbourne, Australia. So (with completely client-side key/storage management) it looks pretty bad for the NSA or FBI: (1) No keys - all keys are client-side (there are no server-side keys) so they'd have to go after each end user individually (2) No ciphertext - users can store their encrypted data directly onto any overseas S3 server (e.g. Europe, Asia, South America) (3) No application influence - Lockbox is based in Australia and there is no Australian law nor treaty that could force an Australian company to compromise their commercial offering, nor any way to prosecute if the poisoned code didn't work. (Even if they could force poisoned code, they could never keep it secret as anyone could dissemble Lockbox's client-side code to reveal the poisoned code.)

not secure

[BradMajors]

It says Lockbox will do the encryption, which means Lockbox knows the encryption keys, which means that the NSA will ask for and receive the encryption keys from Lockbox.

Re:not secure

[GigaplexNZ]

Doesn't necessarily mean they know the decryption keys does it?

Sounds like a job for...

[SGT+CAPSLOCK]

Sounds like a job for... Well, any of the millions and trillions of safer, free, open source software utilities which can do the exact same thing without exposing your keys to some third party.

I wouldn't trust anyone but myself with my private keys, and I certainly wouldn't trust anyone else to generate private keys for me.

For that matter, I don't trust my data to be safe in anyone else's computer, but I guess that's OT.

Re:Sounds like a job for...

[SGT+CAPSLOCK]

Vigintillions, my friend.

Honestly, I didn't mean for that number to be taken literally. This is Slashdot! How could it be taken as truth without a reference?!

Re:Sounds like a job for...

[rvw]

I wouldn't trust anyone but myself with my private keys, and I certainly wouldn't trust anyone else to generate private keys for me.

But you trust a program on you computer to generate those keys? Or have you compiled from source? Have you checked the source before compiling? Are you 100% sure no keylogger software or hardware is present?

If only the hardware wasn't already compromised

[ReallyEvilCanine]

Without known-secure hardware and and OS to run it, all the fucking encryption in the world don't mean squat. And before the fanbois scream, "Lunix is Teh Shiznit Seckyoor!" remember that you have to know the compiler is safe as well (*cough*Ken*Thompson*cough*).

Re:If only the hardware wasn't already compromised

[Microlith]

The thing about Ken Thompson's theoretical attack is that it would inevitably be detected. It's an interesting thought experiment, but a functioning example that would be able to discern the right program to attack (and differentiate between a kernel and a userspace application) has not been shown as far as I am aware.

Re:If only the hardware wasn't already compromised

[jon3k]

1. Compilers are open source, we can verify it doesn't insert a backdoor.
2. You can decompile binaries and verify nothing has been added.

All one's eggs in one basket is never a good idea.

[MobSwatter]

This will work until they get the NSL, then it is over as with anyone they send one to.

Re:What exactly is $2.5 million funding?

[GPLHost-Thomas]

It's funding the advertising campaign on slashdot.

Lockbox

[Cyfun]

Didn't Al Gore already invent this a long time ago?

Re:Lockbox

[rvw]

Didn't Al Gore already invent this a long time ago?

Al Gore invented inventions. So basically - yes.

Clown Computing!!!?? Stop already.

[marienf]

Can we stop pretending that "The Cloud" has actual meaning, technical relevance, etc..?
Do we really have to go back to the fracking mainframe with all our eggs into one (someone else's) basket,
and at the mercy of whatever corporate greed du jour? Your Brains! They are SOOOO CLEAN!

We have so much computing power and bandwidth in the home and office that it should be perfectly feasible
to go exactly the other way, do away with the stupid client/server model and go 100% P2P, keeping
one's own data on one's own hardware in one's own home.

ISP's that go symmetric and neutral will survive.

Re:Clown Computing!!!?? Stop already.

[TheSeatOfMyPants]

While I'm not a huge fan of cloud services, they *do* provide me with one huge benefit: the sync/backup service I use provides live versioning, so when something goes horribly wrong on a document that I don't notice until several saves have gone by, I can easily restore it. The only comparable programs I've found either tapped my drive/CPU near-constantly enough to slow the system down or required extensive manual configuration.

Re:Clown Computing!!!?? Stop already.

[marienf]

Sure, ok, but that only means you have a well-designed backup service, and that has nothing to do with where it stores its data: It could be saving to your own device, or to devices at one or more trusted parties *of your choice*. In essence, towards devices managed by people that you have a mutual agreement or a true definable trust relationship with.

I'd like to hear *one* example of a useful application that is better off in "the cloud" than implemented with other schemes, even a bunch of VM's in your own data center. All I can think of are one-off raw-power activities using only publicly available data. And even those could be distributed if you have an adequate web of trust.

Re:Clown Computing!!!?? Stop already.

[rvw]

I'd like to hear *one* example of a useful application that is better off in "the cloud" than implemented with other schemes, even a bunch of VM's in your own data center. All I can think of are one-off raw-power activities using only publicly available data. And even those could be distributed if you have an adequate web of trust.

The usefulness is not so much that the cloud is better, but it's much cheaper and much more available for clients with smaller budgets. Having a 200GB backup service for $10 a month, or my own server for $20 a month, with high availability, high speed upload and download. I can't offer that here at home (slow upload, no offsite backup) or elsewhere (much more expensive, more difficult handling the hardware in case of trouble).

Re:Clown Computing!!!?? Stop already.

[marienf]

I see your point, and I also see the communications failure that is entirely my fault.

I'm writing about where I think we should take our dollar (euro.. etc).. to achieve our goals of security, safety, efficiency, privacy of our data, in the near future, you guys are writing about how this can or cannot be solved in the current situation, today. I think we should take those dollars (and those bytes) away from Big Data and towards ISP's that offer neutrality and high upload speeds, using tech like

http://en.wikipedia.org/wiki/Very-high-bit-rate_digital_subscriber_line_2

and a web of trust + good encryption and your backup (and a lot of other things you now host somewhere) can transparently be HA over a whole bunch of machines of folks you know (and theirs on your H/W.) You don't have to pay for tier-1 storage, just duplicate more.

I believe our freedom requires the death of the C/S model, and a focus on improving the network itself to allow for full-featured P2P. Lots of little private clouds (cloudlets?) all over the Net, instead of a limited number of huge ones.

-f

Is it really safe / free (libre) software?

In this months Free Software Foundation news Bulletin the FSF points to what appears to be a similar offering that is free software friendly:

https://leastauthority.com/press_release_2013_07_30

I took a quick look at lockbox and nothing I saw screamed free software. I could be wrong. Maybe they are even using the same underlying software as LeastAuthority. However they haven't advertised that clearly enough (on front page). I'd be concerned in using a service that is more concerned about looks, isn't clear, and might even be snake oil.

If somebody has the time to take a better look please post a reply with the relevant facts and links to the source/evidence/etc.

Trusted client?

What's to stop the intelligence agencies from compelling the company to produce a compromised client? For example, logging the encryption keys somewhere, or subtly introducing flaws into the algorithm... I mean, right there on their website, "Only naive users would trust their cloud vendor" - so instead trust us - we *promise* we won't let the NSA sneak anything into our software...

About the only way you could have any real confidence in this is if you write your own client to manage all the encryption and use it as a dumb storage backend. And that assumes you can trust the OS and all the other software on your computer - I mean, the company pretty much has to operate out of a country, and that country probably has provisions in its law to compel co-operation with police investigations or intelligence agencies.

All they need to do is rock up with a court order that includes non-disclosure provisions, and wham, next time something auto-updates you're screwed. And if you don't install the updates, there's probably _something_ on your computer that phones home that could be used to identify your system and use all the un-patched vulnerabilities to sneak in a keylogger or similar.

You're probably better off writing coded letters, but even that is highly vulnerable to a wrench attack.

Wishful thinking

[trifish]

Until they are served with a secret order telling them (i) to install key escrow backdoor and/or (ii) until NSA starts implanting torjans onto the suspects' computers (like FBI did with some of the Tor users recently, exploiting an unpatched vulnerability in the TorBrowser - http://yro.slashdot.org/story/13/08/04/2054208/half-of-tor-sites-compromised-including-tormail ).

Cyphertite

[chriscappuccio]

Cyphertite's end-to-end system is already up and working. And inexpensive storage and fully open-source. And supports all major and minor platforms. What the fuck else could you want?

Encrypts and compresses?

[TheTrueScotsman]

One would hope they do the compression first otherwise there's very little point.

the cloud is dead

[0111+1110]

At best the service will simply be shut down by the NSA if they cannot compromise it. Lockbox claims to use client side encryption. If the system is executed perfectly and all of your data is fully encrypted before it leaves your computer this might be difficult, but if the service is shut down you will probably lose your data anyway. Which means you will need a local backup which would seem to ruin the point. I think it's about time to admit that saving any data on a remote server in the US, UK, or close allies of either has to be considered to be stored by the NSA/GCHQ and forwarded to other law enforcement agencies if deemed appropriate. And international cooperation in this regard among close allies cannot be ruled out.

In the sort of privacy-hostile environment currently faced in the US, UK and much of the world going full tin foil hat is the only way. Any information you want to remain private has to be encrypted by a system fully under your control before it leaves your computer and your passphrase has to not just be secure, but NSA/GCHQ secure. And it wouldn't hurt to toss in some multifactor authentication and steganography as well.

Re:the cloud is dead

[AHuxley]

Yes they have your tame mainstream OS/cell OS and every hardware "keystroke" before encryption and any needed knowledge of the OS.
Also recall many nations have sent their officer class to the US. They will recall the best years of their lives while working in the telco/security sectors...
Then comes the "just this once" telco/OS favour ....
Close allies or cold war friendships - or a nations law enforcement - its not your cloud.

Re:the cloud is dead

[mr100percent]

The NSA couldn't shut down PGP (though they did try unsuccessfully to restrict the public's access to it), and Snowden said it's still secure.

Re:the cloud is dead

[AHuxley]

They have the cooperation of the average users OS, its code and plain text input. Forms of onetime pads, PGP and other amazing encryption has always been an issue. The solution was Tempest, later weak/cheap global standards and now plain text as entered.

nas

[thephydes]

Why would you put your personal data in "the cloud". It seems to me that there are plenty of just-as-secure options in NAS, or have I been duped by that as well?

SpiderOak does it without using Java

[TheSeatOfMyPants]

SpiderOak has had client-only encryption/decryption using 2048-bit RSA & 256-bit AES for its sync/backup/versioning service for years -- I believe ever since they opened in late 2007. That sure sounds like what this newcomer is touting, except that SpiderOak also has free 2GB accounts with live versioning, and uses binary executables on all platforms to do the encryption/decryption (Lockbox uses a Java web client, which I thought was a security no-no).

FWIW, I don't get jack out of pointing out SpiderOak. I've just been really relieved that it has restored documents that I completely fucked up (live versioning FTW) and think it's seriously overlooked/underrated.

Re:SpiderOak does it without using Java

[chihowa]

SpiderOak is US based, closed source, and their "zero knowledge" implementation is not technical, but policy based. (Who knows, but the fact that they're not sweating the NSA thing like Lavabit and Silent Circle may indicate that they're already cooperating.)

They may be fine, but there's no way for you to know for certain. Any all-in-one (especially closed source) solution is going to require putting all of your trust in an opaque third party. You're better off with a layered approach.

PGP

[mr100percent]

We already have PGP, which is open-sourced. Will this be better and easier to use?

Online or Secure

[toygeek]

Pick one

Re:Online or Secure

[Cryptosmith]

Actually the alternatives are between "secure" and "managed by a third party."

The threat isn't being on-line, the threat is when you put unprotected (plaintext) data on a device managed by a third party that can succumb to secret leverage. This isn't just a question of secret FISA demands. The same problem would arise if Apple were so foolish as to store sensitive plaintext emails on a third-party email service that could get bought out by a competitor.

There is no obvious problem with storing properly encrypted data on cloud storage. The problem arises when you decrypt the data to process it further. There are a very tiny number of applications in which you can do further processing of encrypted data without decrypting it first.

Need to close their US office

[bradley13]

Seriously. If they want to be taken seriously as offering a service proof against the NSA, they need to not be an American company and to not have any physical US operations. Otherwise a secret FISA order (e.g., issue a client update that sends the encryption keys along with the next batch of data), and their customers are screwed.

No cloud service (or any other service) in the US can be trusted.

Re:Need to close their US office

Seriously. If they want to be taken seriously as offering a service proof against the NSA, they need to not be an American company and to not have any physical US operations. Otherwise a secret FISA order (e.g., issue a client update that sends the encryption keys along with the next batch of data), and their customers are screwed.

No cloud service (or any other service) in the US can be trusted.

LOLHARD @ avoiding domestic intelligence gathering by going abroad... that's like avoiding drunk drivers by hiding out in the bar's parking lot.

Re: vigintillions

[Bob_Who]

Urban Dictionary: vigintillion ~ www.urbandictionary.com/define.php?term=vigintillion
a very large number: 1000000000000000000000000000000000. used when wanting to sound smart.

LOL... also used when actually smart (IMO) but I thought that was funny result when I looked it up

Re:too incompetant for words

[Bob_Who]

mystery interior astrologers joy evil foreshow providence
fragrance Thou remindeth draught far_out_man deliverest
fit conceit urged to-day worketh strengthened seasons
genius wilderness stroke partaketh rudely edit departest
wavered adapted Jews don't_worry don't_even_think_about_it
contrite

Re:too incompetant for words

[Bob_Who]

mystery interior astrologers joy evil foreshow providence
fragrance Thou remindeth draught far_out_man deliverest
fit conceit urged to-day worketh strengthened seasons
genius wilderness stroke partaketh rudely edit departest
wavered adapted Jews don't_worry don't_even_think_about_it
contrite

Lastpass does that for Passwords

[Skylinux]

This is how LastPass.com works. Very good idea and works well but I must trust that future updates are not modified by an "NSA Patch" or some sort of court order.

One way to somewhat "NSA Proof" it would be to separate the encryption and storage software.
Storing an encrypted Linux container on a service like crashplan.com works well

Re:Lastpass does that for Passwords

This is how LastPass.com works. Very good idea and works well but I must trust that future updates are not modified by an "NSA Patch" or some sort of court order.

One way to somewhat "NSA Proof" it would be to separate the encryption and storage software.

you mean you should use the open source keepass, and sync your own encrypted database to your own choice of online storage provider (or your own private, self-hosted 'cloud') instead of using the out-of-your-control, closed-source, cloud-based lastpass?

Re:Hardware

[ReallyEvilCanine]

Are you that mind-blowingly ignorant or are you just so stupid and lazy that you haven't bothered to glance over anything avbout the subject?

Dunning-Kruger is becoming the new Godwin.

Truecrypy+Dropbox?

[stevegee58]

I don't see the value add of Lockbox. It sounds like what I'm doing now with the Truecrypt/Dropbox combination.

Which is defeated by the rubber hose.

[sethstorm]

If someone wants it bad enough, they will get it. Not only does it apply to cryptography, it also applies to traitors like Edward Snowden.

He will be found, prosecuted, convicted, and imprisoned.

Re:Which is defeated by the rubber hose.

[sethstorm]

While the people doing the releasing of documents will find themselves as accessories to whatever crimes the Snowden gets convicted of in court.

All that while the persons that helped locate, prosecute, and convict will be the true patriots - without any fear of retaliation.

Re:Which is defeated by the rubber hose.

[AHuxley]

That worked with authors, publishers and journalists until about the 1990's.
Think how well "found, prosecuted, convicted, and imprisoned" worked for Eastern Europe in the 1980's ... it gets you one person and buys any gov a few years.
The optics of such events catch up fast now.
Even sockpuppets and front groups are losing their traditional hold.

I think they understimate the cloud

[msobkow]

I think they underestimate the sheer power of the NSA's cloud. If they decide to sic it on a particular encrypted file, they *will* gain access. We're talking about tens of thousands of servers working to decrypt a file.

Sure they can't do it for every piece of data they're interested in, but if they want something badly enough, they will decrypt it.

Re:I think they understimate the cloud

[cheros]

Yawn. Yet another tech answer to what isn't a tech problem to start with. I suspect there will be gazillions more coming your way over the next few months because all the Silicon Valley entrepreneurs want to milk that market before people realise they've been had: IT IS NOT A TECHNICAL PROBLEM.

For a US based company it is 100% pointless to install any defence mechanism if some random official can walk in and ask for corporate data - the owner has to offer the data., unlocked.

For any organisation outside the US, it should simply ask the question: what are the chances that a US based organisation will NOT have a backdoor in its technology if such can be legally prescribed? As you have seen with Lavabit and Silent Circle, there are in principle only two ways forward: comply, or close shop. I leave you to note the clear risk in using security products from those who provide security products who have not closed down yet. Note: I'm not stating that all US sourced security products HAVE been provided with a backdoor, merely that it is legally possible to force the suppliers to implement them.

Eventually, someone will realise the real risk to the US economy: it's a profound lack of trust. This will take decades to fix, mainly because it involves a fight to either repeal those emergency laws or introduce some independent transparency and supervision. Meanwhile, whole swaths of Silicon Valley people will continue to sell what is at best privacy theatre, but which also risks becoming nothing more than security theatre as well.

Because backdoors and security do not combine very well.

Re:I think they understimate the cloud

[AHuxley]

You dont need to "break" anything if you can walk into the server room, install new hardware or just read the text from a users computer as entered.
The US has never really been bothered with that aspect of consumer grade encryption it seems.
You could present it, talk about it, break it, share it ... sell it, give it away free...
The encryption algorithms as sold had many eyes on them and worked just fine in many respects.
The OS, server or telco was the only key needed and works just fine in real time with any plain text.
The magic was letting generations of experts travel the world reviewing each others encryption algorithms and report back as been very confident.
If only more people had thought about the input side or output side.

Re:I think they understimate the cloud

[msobkow]

2048 bit encryption, yes, but lower key sizes? The decryption time increases exponentially with the size of the key.

1500 years was quoted by one article I read as the time for a "standard desktop" to crack a 1024bit key (worst case.) Given that the NSA has tens of thousands of processors at their disposal, that means it's probably more on the order hours for their clusters to crack a 1024 bit key.

The point is: just using encryption isn't enough. The encryption has to be sufficiently hard to be of any value, and your keys have to be securely stored in such a fashion that the NSA can't just steal them with one of their software-based attacks. And unless you're running a version of Linux where you've reviewed all the code personally and compiled from source, you have absolutely no guarantees about a lack of backdoors for the NSA and their ilk to use to steal your keys.

Re:I think they understimate the cloud

[msobkow]

Case in point: The Snowden files carried by that "companion" of a British journalist have already been partially cracked -- I believe they claim they have access to 75% of the TrueCrypt-protected data so far.

Re:I think they understimate the cloud

[bingoUV]

But that is the whole point, isn't it? To make blanket data acquisition difficult. One of the reasons why judicial approval is required (aka warrant) so that the executive cannot search the whole population in a blanket "search" of their "secrets".

So if decryption difficulty replaces judicial oversight, it sort of serves half the purpose of a warrant.

PS : Yes, the other reason for warrants is so that executive doesn't target someone because they are the opposing political party. That is not mitigated by this, so I accept your point in this limited way.

Hmmm...

[santosh.k83]

I just use GPG on client side, encrypt, and then transfer the files to any cloud service. The service doesn't have the key and their client cannot get at my key. The only way would be to infiltrate my system, bundle malware into GPG, or use the rubber hose on me, all of which are rather extreme scenarios! :-P

Re:Blog post in summary is factally inaccurate

[behrooz0az]

Just a bit late for getting my modpoints.

The Root Problem

[some+old+guy]

The root problem, appalling pun gleefully intended, is political, not technical.

Between unlimited resources and questionable legal tactics, the NSA and other sigint agencies can and will always compel or bribe that which they cannot hack. Software crowbars, legal hammers, and moneybags of grease are everything they need. For every new solution, they will create a new problem.

The only guaranteed solutions are either the (don't hold your breath) complete abolition these government entities, with no successor remakes, or the courts and Congress must hamstring them with crystal-clear transparency (still possible, but politically unlikely).

To believe otherwise underestimates the present unfettered powers, technical, legal, and financial, of the government.

Re:The Root Problem

[PPH]

the NSA and other sigint agencies can and will always compel or bribe that which they cannot hack.

The concept behind Lockbox isn't anything new. You have been able to encrypt and upload your own stuff to any server for years. I'm sure that this product is a point and click solution to something that the average Slashdotter could shell script. So it will be made available to a wider sector of the public.

The advantages of the 'roll your own' solution are: Each will differ just enough that the NSA will have to expend major resources to sort them all out. And if they need your keys, they will have to craft a custom 'bot to attack each platform. Or pay a visit to each user to waterboard the information out of them. There is no central point of weakness.

So, thanks for the effort. But I'll GnuPG my own files.

Re:The Root Problem

[dubist]

Yea I would agree with that.. This is a good blog posting on the topic.. http://www.autochthonous.org/blog/

Pricing?

[Shemmie]

£500 a year for 20 users, and 15 GB?

Really?

It seems what is needed here is to give up some

[mark_reh]

convenience. No modern OS should be used, no modern hardware, and no internet connection. I'm going to dig out my old 386 computer, stack of OS/2 floppies, and an old copy of PGP that I have on a floppy from when it first came out. The encrypted files will be stored on 5" floppies in my off-site safe and if they need to be shared with others, it will be done by sneaker net.

Wait, isn't that what Al queda does? Wait, if that is what Al Queda does, why is the NSA monitoring everything on the internet? What is their real purpose?

Re:It seems what is needed here is to give up some

[santosh.k83]

LOL... Or concerned and highly knowledgeable people can invest in ground-up (from the hardware level) effort towards building alternative infrastructures. Not impossible if enough interested parties can come together and work honestly...

Re:It seems what is needed here is to give up some

[mark_reh]

Yeah, but like Morcheeba says, "Who can you trust?"

Re:It seems what is needed here is to give up some

[santosh.k83]

Strictly speaking, no one, but that doesn't mean NSA would've got their hands and backdoors everywhere. And even if they "implant" at the hardware level, shouldn't it be possible to detect this by close analysis and reverse engineering, and there ought to be some way to cripple the function once it is detected? Regularly audited code-bases for operating systems (like OpenBSD) could be stored on international servers, and all it'd take is a single clean copy of compiler to bootstrap. At the application level, strong encryption ought to set them back for some more years yet. Anyway I guess we ought to continue to take reasonable steps instead of despairing at NSA's perceived omniscience and doing nothing...

OK Hypothetically

[Greyfox]

You deploy an app that is actually capable of NSA-Proofing the internet. How long do you reckon it'd be before someone pulls up next to your car at a light and shoots you in the ear? I doubt they'd actually be that unsubtle, but you know what they say... "Accidents happen ALL the time... to people who try to NSA-Proof the Internet."

Re:OK Hypothetically

[jon3k]

Naah they'd just snatch him up, tie him to a chair in a room and explain very carefully how he was going to backdoor his software. If you just kill him someone will just pop up next week doing the same thing. Better to just have a silent backdoor and let everyone go on thinking it's "safe".

Re:OK Hypothetically

[AHuxley]

Step one is the wealth generating deal that takes your developer/team/firm in an amazing new direction.
Step two is the buy in/out/offer.
Step three is the gov representative with very good news just for you as your so smart....
....
More offers, deals... do you have a legal team?
Finally your wealthy and making toys/sport games now or just wealthy or part of a new huge team ...

Exactly

[Bruco]

I was going to say something similar. EncFS + rsync over ssh. Somebody slap a GUI on my ugly shell script and let's sell this thing!

Re:Overreaction?

[AHuxley]

How can one go too far about plain text from trusted encryption?
Good security practices where build on a few basic building blocks/books/skill sets and an ever expanding acceptance of the 'cloud'.
Data and passwords where to be trusted in some distant network with very little thought or understanding.
Now we all understand more and can educate others :)

(Clown Computing!!!?? Stop already.)-Free Network

[marienf]

Focusing on the network can also mean taking it back into our own hands:

https://commons.thefnf.org/index.php/FreeNetworkStack :-)

Opensource?

[Lawrence_Bird]

If lockbox is not opensource then there is no way to be sure what is going on or what is happening to those keys. Perhaps they are appended to the end of the "encrypted" file with Lockbox's own key? Encrypt on your own first with a program you can probably trust (there is no 100% certainty even for open source).

Acid test

[sirnomad99]

If you want a good test to see if this service can actually do what it claims then watch the company closely and see if there is a move by the government to shut it down or otherwise strong arm it into being co-opted..

No US-based cloud service can really fight the NSA

[bagofbeans]

There's fighting without fighting, as the late Mr Lee would say.

The problem is "NSA agents will descend upon them, and provide a legal order requiring" something, as you say.

Make that ineffective. Host end doesn't hold any keys is easy. No make the client end that uploads open source AND externalise the key handling and algo choice from the client. A script into Truecrypt is a crude example of externalising.

Now, if the upload client suddenly starts wanting keys or anything else unecessary the user will be suspicious, and the knowledgeable can scrutinise the code.

Privacy laws

[bradley13]

Two points:

- Most other first-world countries have actual privacy laws. Which are actually enforced. The US is unusual in having no such laws. The fourth amendment is supposed to restrain at least the government, but lack of enforcement makes it pretty meaningless.

- If you go outside of first world countries, with the possible exceptions of China and Russia, the governments simply do not have the resources to spy on their entire population.

So the US is unique: A lack of effective privacy legislation combined with a government that does have the resources to monitor essentially everyone.

Re:Privacy laws

[Kazoo+the+Clown]

More important is whether or not they even care if you're hosting end-to-end encryption services. As long as they're getting their palms greased, they probably don't-- if they even have any idea what end-to-end encryption is.

Network speed

[santosh.k83]

For people like me in India, 256 kbps connections are still pretty much considered "broadband" and are expensive enough. With such a connection the security implications of Cloud storage matters less than whether it is feasible at all to use it in the first place. For example I've got about 300 Gb of data on my harddrive and about 5 Gb on my Google Drive which I spent around 10 days uploading with the patience of a saint! I simply won't be able to upload all my data to any Cloud with the kind of connections here. Besides loosing control of your data, Cloud is also dependent on the network quality, and that's the big killer for much of the world. Data duplicated across two different hard disks ought to be very safe, for individual users. Companies would of course need to maintain copies at several geographic locations. The great advantage of Cloud is mobility, but with storage densities increasing much of that attraction is getting diluted too. Combine that with loss of control and security risks and I can't see what the great fuss is about.

Patterns of Access

[hhr]

There is a additional security hole here that I'd love to see a solution to-- how to hide your patterns of access. The NSA is every bit as interested in who is access what data, when and where, as it is in the contents of the data. If a person of interested has accessed an encrypted file, then other people who access that same file are also very interesting. The actual contents of the file may just be icing on the cake.

IPsec

[Skapare]

I've been using IPsec for years. I bet the reason they are not using IPsec is because they can't patent troll it. That and I compress files BEFORE the encryption step since that uses less CPU for encryption step.

Its called GPG

[MikeBabcock]

I've been recommending to clients to use GPG to encrypt their backups to the cloud for a very long time now for simple hacker-proofness, NSA aside.

It shocks me that these cloud companies are storing private data online for people in the first place.

RLY? Switzerland?

[TarPitt]

It's been done already:

For half a century, Crypto AG, a Swiss company located in Zug, has sold to more than 100 countries the encryption machines their officials rely upon to exchange their most sensitive economic, diplomatic and military messages. Crypto AG was founded in 1952 by the legendary (Russian born) Swedish cryptographer Boris Hagelin. During World War II, Hagelin sold 140,000 of his machine to the US Army.

"In the meantime, the Crypto AG has built up long standing cooperative relations with customers in 130 countries," states a prospectus of the company. The home page of the company Web site says, "Crypto AG is the preferred top-security partner for civilian and military authorities worldwide. Security is our business and will always remain our business."

And for all those years, US eavesdroppers could read these messages without the least difficulty. A decade after the end of WWII, the NSA, also known as No Such Agency, had rigged the Crypto AG machines in various ways according to the targeted countries. It is probably no exaggeration to state that this 20th century version of the "Trojan horse" is quite likely the greatest sting in modern history.

http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html

Encryption will be broken

[manu0601]

Any encryption will be broken, it is just a matter of time. And we can expect NSA to have first grade encryption cracking capabilities.

The first line of defense when trying to keep data private is to avoid leaking it, even encrypted.

Wuala has been doing this for some time

[ITDruid]

Wuala, http://www.wuala.com/ has been doing the client side encryption for quite some time. They also offer lower pieces than Lockbox, including a free tier.

What's the point?

[skovnymfe]

They won't ever catch up with a government that essentially prints its own money to fight against terrorism.

http://arstechnica.com/security/2013/08/feds-plow-10-billion-into-groundbreaking-crypto-cracking-program/

Re: SpiderOak

[Figj]

Currently, SpiderOak isn't very private when sharing (hence the "expectation" sentance above). The core reason is that their sharing keys are server-side (see - https://spideroak.com/blog/20120507010958-increasing-transparency-alongside-privacy). Conversly, all Lockbox keys (and certificates) are purely client-side (there are no server-side keys) so that the "cloud" only ever stores encrypted blobs and is totally "blind" to all information being exchanged. If Lockbox got a legal (or NSA) demand they couldn't hand over anything except encrypted blobs of data (as they just don't have the keys). If SpiderOak got a legal demand, they'd have to hand over their shared data (as they do have access to the sharing keys).

Hope they're not based in the US

[Kazoo+the+Clown]

Good idea if either it's open source or based in Venezuela or somewhere... Otherwise, say hi to the TLA visitors you're about to have.

There's more to Encryption than SSL/SSH

[BuckB]

Relying on SSL/SSH only protects the socket between you and the server that you're talking to - which may not be the server that you think you're talking to. You are including a whole lot of stuff in your trust circle. Now if you meant use OpenSSL or similar libraries for your encryption core, then I agree.