[cryptography] LeastAuthority.com announces PRISM-proof storage service
zooko at zooko.com
Thu Aug 29 15:54:50 EDT 2013
On Thu, Aug 29, 2013 at 02:44:37PM +0200, danimoth wrote:
> On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
> > A suspicious user may wonder, how can he be sure that the service
> > indeed uses the provided source code. IMHO, end-to-end security can be
> > really verifiable--from the user perspective--if it can be attested by
> > examining only the source code of the applications running on the user
> > side.
> I agree with you and I propose a simply protocol which follows your
> - encrypt your data with a simmetric cipher and a private and robust key
> - make an hash of the encrypted data and store it securely (no loss
> possibile) offline
> - upload the encrypted data over some service.
> - download the encrypted data when you need it, check the hash and
> decrypt with the key used in the first pass.
> In this (simple) case, what is run server side does not nullify security
> properties (confidentiality and integrity in this example), provided
> that what is run user-side is "ok".
The Least-Authority Filesystem does all of the above. We have some pretty good
More information about the cryptography