Google to encrypt cloud storage
Dan Staples
danstaples at disman.tl
Mon Aug 19 05:02:38 PDT 2013
On Mon 19 Aug 2013 07:35:10 AM EDT, rysiek wrote:
> Dnia poniedziałek, 19 sierpnia 2013 13:12:35 Lodewijk andré de la porte pisze:
>> AES-128 is obviously not secure enough against NSA-type attacks. It works
>> against the random raid of the servers, the exploitative sysadmin and
>> perhaps even the remote exploit in the software. It also allows Google to
>> run storage nodes at a lower security level, which might help them smooth
>> operations.
>>
>> Nothing there to help against the agencies.
>
> But the algo is really completely irrelevant here. They could have used
> OMGWTF-8096 and it would still be irrelevant. If the keys are being held by
> Google -- and as far as I understand, they have to -- the whole encryption is
> moot.
>
> They don't have to give the government the keys. They can just hand over the
> cleartext...
>
> The point about running nodes at a lower security level is interesting,
> though. Maybe that's the whole point:
>
> - Hey Joe, if we encrypt user data (and hold the keys), we could care less
> about these nodes' security.
> - Hey, yeah, Jack, this seems to be a good idea; and we could sell it to
> people as a "security enhancement", esp. after PRISM.
> - Oooh, I like this. I'll be talking to PR dept right away!
>
Not so sure we need to be quite so cynical. Obviously this encryption
is useless against state-level agencies, since data is encrypted
server-side and Google manages the keys ( although the fact that they
think they won't be obligated to hand the keys over to the gov't is
bullshit). However, what I think is important to see in this story, is
that Google is responding to pressure from the public to take privacy
and encryption more seriously. This is an opportunity for security and
privacy activists to push for real security solutions for user data
storage, that involve strong *client-side encryption* of data.
--
http://disman.tl
OpenPGP key: http://disman.tl/pgp.asc
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
More information about the cypherpunks
mailing list