E
esi_y
Renowned Member
- Nov 29, 2023
- 1,003
- 139
- 63
- Today at 14:06
- #21
What an interesting discussion. But the answer is really quite simple. The VMs are as safe from the party in possession of the hardware than e.g. EC2 instance on AWS is from a court warrant.
Only data that already got there as encrypted (e.g. from a client outside of the realm) are safe insofar as the encryption and the chosen key is well-chosen. All the other topics like encryption between two endpoints or LUKS full-drive encryption, let alone just plain access control do not change anything about physical access to the data and the processes producing them. Anything encrypted inside the VMs which used keys also stored inside the VMs could of course be decrypted with the use of the same keys. LUKS keys are in RAM and could be dumped.
There's really not much to it, actually.
P
proxenjoy
New Member
- Jul 31, 2024
- 11
- 0
- 1
- Today at 14:34
- #22
esi_y said:
What an interesting discussion. But the answer is really quite simple. The VMs are as safe from the party in possession of the hardware than e.g. EC2 instance on AWS is from a court warrant.
Only data that already got there as encrypted (e.g. from a client outside of the realm) are safe insofar as the encryption and the chosen key is well-chosen. All the other topics like encryption between two endpoints or LUKS full-drive encryption, let alone just plain access control do not change anything about physical access to the data and the processes producing them. Anything encrypted inside the VMs which used keys also stored inside the VMs could of course be decrypted with the use of the same keys. LUKS keys are in RAM and could be dumped.
There's really not much to it, actually.
Thank all of you guys meyergru, gfngfn256 for your patience to explain the concepts. I really learned a lot. Yeahh, it looks simple now for me, but I first needed to learn why it is simple. So this means a proper encryption key that cannot be brute forced. Sure if quantum computers come around it won't be safe anymore maybe, but then I am sure we figure out something else again to fight against it. I will stay a cat and mouse game anyways.
How, I look at it now is that all my friends private data should be encrypted on my friends device before it is send to my server. In that case he can store his private Nextcloud files, a Joplin or a Matrix chat server on my hardware because of end-to-end encryption.
Now, regarding applications with public data it really doesn't matter if someone can inspect that in my opinion. The reason being it is already public anyways.
Last edited:
E
esi_y
Renowned Member
- Nov 29, 2023
- 1,003
- 139
- 63
- 57 minutes ago
- #23
proxenjoy said:
if your application has end to end encryption you are good to go!! That's it basically
Actually, you are not, often. The term is completely overused and sometimes even abused. This is e.g. fixed to huge extend by now, but it may simply mean more are waiting to be found out:
https://matrix.org/blog/2022/09/28/...-encryption-vulns-in-matrix-sdks-and-clients/
https://nebuchadnezzar-megolm.github.io/static/paper.pdf
Everything with fast development (and no specialised security staff) suffers from this, perpetually.
G
gfngfn256
Renowned Member
- Mar 29, 2023
- 1,285
- 354
- 88
- 42 minutes ago
- #24
proxenjoy said:
In that case he can store his private Nextcloud files, a Joplin or a Matrix chat server on my hardware because of end-to-end encryption.
Please note I haven't checked all of these application's modes of incorporating so-called "end-to-end encryption", but just looking at Joplin's I see the Master Keys are saved to the database, so bear in mind; that is on YOUR server. Looking on their site, I see they claim that:
Master Keys
The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service and are saved to the database. They are themselves encrypted via a user password using a strong encryption method.
So I guess it is down to that "strong encryption method" (gives me the shivers!).
What I fail to understand, if I were your friend, why not use the Joplin cloud instead of your server. I must be honest, I would rather my data is out there anonymously, than on my friend's PC who knows who I am, and isn't guaranteed to be online as much as a Cloud company. Add to that, HW failure that is more likely at your end than Joplin's. Also if you decide "you don't like him anymore" - poof, he's lost all his data.
Is he just trying to save 28 Euros a year?
E
esi_y
Renowned Member
- Nov 29, 2023
- 1,003
- 139
- 63
- 22 minutes ago
- #25
gfngfn256 said:
So I guess it is down to that "strong encryption method" (gives me the shivers!).
FWIW It's using AES 256bit in CCM mode, i.e. stream cipher. Great for implementation errors to be found later on though.
gfngfn256 said:
I would rather my data is out there anonymously, than on my friend's PC who knows who I am, and isn't guaranteed to be online as much as a Cloud company. Add to that, HW failure that is more likely at your end than Joplin's.
They are also most likely to get their "cloud" targeted, because the target is known. Note I am not advocating security through obscurity, but when there will be e.g. a Bitwarden breach you can bet the first affected will be those using their infrastructure, even if it was just protocol error. And the disclosure would come months later only. At least you see logs on your own infrastructure.
gfngfn256 said:
Also if you decide "you don't like him anymore" - poof, he's lost all his data.
Surely he has backups.
Anyhow, I will be honest, I was like this once too, concerned seriously about security as a college freshman. The more you understand these, the more you find out the so-called security is mostly illusory. Especially if something is "best in class" or such. Nothing with active development is truly secure. Within industry it is then mostly about compliance.
You must log in or register to reply here.