[cryptography] LeastAuthority.com announces PRISM-proof storage service

zooko zooko at zooko.com
Thu Aug 29 15:54:50 EDT 2013


On Thu, Aug 29, 2013 at 02:44:37PM +0200, danimoth wrote:
> On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
> > A suspicious user may wonder, how can he be sure that the service
> > indeed uses the provided source code. IMHO, end-to-end security can be
> > really verifiable--from the user perspective--if it can be attested by
> > examining only the source code of the applications running on the user
> > side.
> >
> 
> I agree with you and I propose a simply protocol which follows your
> statement:
> 
> - encrypt your data with a simmetric cipher and a private and robust key 
> - make an hash of the encrypted data and store it securely (no loss
>   possibile) offline
> - upload the encrypted data over some service.
> - download the encrypted data when you need it, check the hash and
>   decrypt with the key used in the first pass.
> 
> In this (simple) case, what is run server side does not nullify security
> properties (confidentiality and integrity in this example), provided
> that what is run user-side is "ok".

The Least-Authority Filesystem does all of the above. We have some pretty good
docs:

https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst

http://code.google.com/p/nilestore/wiki/TahoeLAFSBasics

https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ

Regards,

Zooko


More information about the cryptography mailing list