[cryptography] LeastAuthority.com announces PRISM-proof storage service

danimoth danimoth at cryptolab.net
Thu Aug 29 08:44:37 EDT 2013


On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
> A suspicious user may wonder, how can he be sure that the service
> indeed uses the provided source code. IMHO, end-to-end security can be
> really verifiable--from the user perspective--if it can be attested by
> examining only the source code of the applications running on the user
> side.
>

I agree with you and I propose a simple protocol which follows your
statement:

- encrypt your data with a symmetric cipher and a private and robust key
- make a hash of the encrypted data and store it securely (no loss
  possible) offline
- upload the encrypted data over some service.
- download the encrypted data when you need it, check the hash and
  decrypt with the key used in the first pass.

In this (simple) case, what is run server side does not nullify security
properties (confidentiality and integrity in this example), provided
that what is run user-side is "ok".
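
The protocol described in the message above, as an added example that is not part of the original post: the client encrypts, hashes the ciphertext, uploads, and refuses to decrypt when the downloaded blob no longer matches the offline hash. The SHAKE-256 keystream XOR is a standard-library stand-in for the symmetric cipher, and `UntrustedStore`, `protect`, `recover` and `run_demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def _xor_stream(key, nonce, data):
    # Stand-in symmetric cipher (assumption): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(key, plaintext):
    """Encrypt, then hash the ciphertext; the hash is what is kept offline."""
    nonce = secrets.token_bytes(NONCE_LEN)
    blob = nonce + _xor_stream(key, nonce, plaintext)
    return blob, hashlib.sha256(blob).hexdigest()

def recover(key, blob, offline_hash):
    """Check the downloaded blob against the offline hash, then decrypt."""
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, offline_hash):
        raise ValueError("hash mismatch: server returned different data")
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

class UntrustedStore:
    """Hypothetical remote service: stores and returns opaque blobs."""
    def __init__(self):
        self.blobs = {}
    def put(self, name, blob):
        self.blobs[name] = blob
    def get(self, name):
        return self.blobs[name]

def run_demo():
    key = secrets.token_bytes(32)              # never leaves the client
    secret = b"constructed sample: payroll-2013.csv contents"
    server = UntrustedStore()
    blob, offline_hash = protect(key, secret)
    server.put("backup", blob)                 # upload ciphertext only
    ok = recover(key, server.get("backup"), offline_hash)
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01                       # server flips one stored bit
    server.put("backup", bytes(tampered))
    try:
        recover(key, server.get("backup"), offline_hash)
        detected = False
    except ValueError:
        detected = True
    return {"roundtrip": ok == secret, "tamper_detected": detected,
            "plaintext_in_blob": secret in blob}
```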

