Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think if you're actually interested in encryption, your best bet is actually not to wait on us to help you with it. If we're cooperating with you to encrypt your data, it's by definition not secure. A number of security-conscious users use us combined with TrueCrypt volumes.


Haha, you win. I'm signing up. Thanks for the reply!


I see a couple ways you could introduce encryption securely.

1. At the very least, encrypt data being transfered using SSL, to prevent sniffing on WiFi and other public networks. Public key cryptography (like SSL) certainly can be secure, and does or doesn't require "cooperation" depending on your definition.

2. Your client could somehow integrate with something like TrueCrypt, but leave it up to the user to manage their keys.


We definitely do use encryption for both data transfer and storage. I didn't mean to imply that those things happen in the clear.

And yeah, hopefully we can find a way to help users along the path of managing their own keys.


I use an encrypted Mac OS X disk image on my Dropbox. It works well.


Every time you make any change to the image it needs to sync the whole thing, right? Seems wasteful to me, there must be a better solution.


My impression is that cperciva is after this problem, but the wait seems indefinite.


I really doubt it. The whole point to encryption is that the storage area doesn't know anything about your files.


It doesn't. It just syncs the byte changes.


But depending on the encryption scheme, a single byte changed in the unencrypted data can result in the entire encrypted image being different.


It's 128-bit AES. I haven't had a problem yet.


technically half the bits change, on average




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: