[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypt data "on the fly"



On Mon, Jun 02, 2014 at 07:16:16PM +0200, Bzzz wrote:
> On Mon, 02 Jun 2014 19:01:17 +0200
> Diogene Laerce <me_buss777@yahoo.fr> wrote:
> 
> > I use crashplan and Im quite happy with them : very professional
> > and they do offer that service. ;)
> > 
> > Their website : https://www.code42.com/store/
>  
> From what I see, encryption is blowfish, which is good;
> but they also keep your key, which is very bad.

I like the idea of Crashplan, but just slapping the label of "Blowfish"
on their encryption isn't quite good enough [1].

If I could trust that the encryption was done competently, I'd move to
Crashplan in a heartbeat.


[1]
https://stackoverflow.com/questions/17005256/448-bit-blowfish-considering-the-64-bit-blocksize-is-it-secure-at-all-for-larg

> 
> This is the advantage of encfs: you keep your key, so the
> repository is just a shell.

Yes, but choosing your encryption badly can cause problems. For one, as
above, bad choices can mean poor security. But also a badly chosen
encryption scheme might mean unnecessarily large diffs (and so more
storage/bandwidth on your cloud provider).

Attachment: signature.asc
Description: Digital signature


Reply to: