I have searched and found these https://www.techsupportalert.com/best-free-encryption-utility-for-cloud-storage and CloudFogger and Boxcryptor but both services Is there any service that does not work the same way? Because in that way it all depends to the strength of the password chosen by user.
Yes sure but I would prefer an alternative to cloudfogger/boxcrypt which does not store the rsa key on the server
Rather than using Cloudfogger or Boxcryptor with major online storage, consider using a service which have option not to store your private key such as Mozy. But if I were you, I would encrypt contents locally before upload by Truecrypt or whatsoever. Security in asymmetric encription is not yet mathematically proved. Tho it's veeery unlikely, IF P=NP is proved, it means there're algorithms which break asymmetric encryption or hash function in polynomial time for every those crypts (almost Armageddon in crypt world).
@yuki I am seeking something like Mozy a free alternative which does not store private key and works with major online storage. I take your considerations about local encryption seriously though.
That's right. SpiderOak encrypts your files in the client on your machine, before uploading them. There's also Wuala that does this. And it's located in Switzerland, if that's important to people. What does Mozy do that SpiderOak and Wuala don't? (By the way, SpiderOak gives you 2 GB--I think--for free. Wuala has no free option, but you can get 5 GB for $1.39/month or $12/year, that's pretty dern cheap.)
At Gizmo's review site, they claim Tresorit is even more secure than SpiderOak. http://www.techsupportalert.com/best-free-encryption-utility-for-cloud-storage They have a free option. They use client side encryption and are also based on Switzerland, like Wuala. There security does look good. They say they do not store encryption keys on their server. https://tresorit.com/security/end-to-end-encryption I had not heard of them. Seems like an interesting option. No support for Linux, but they say they're working on it (for almost two years now). You can vote for Linux support and be notified of availability here: https://tresorit.com/download/linux
They offer an option not to store your private key on their server. Both Spideroak and Wuala, though they don't provide details of their encryption (very disappointing for me), store your private key on the server BUT they are encrypted by AES (symmetric key). This means, though surely Spideroak or Wuala's employee can't decrypt your contents unless they know your passphrase, potentially anyone who know the pass can decrypt the contents (there can be another security to prevent this, I'm speaking in theory). OTOH, if only you have your private key of asymmetric encryption such as RSA, currently only you can decrypt the contents regardless of passphrase or such. Of course then, you can't share the contents anymore. In the future if P=NP is proved (again, quite unlikely but nobody can deny), then many researchers would seriously seek for attack against popular asymmetric encryption as well as popular hash algorithms. At the same time they are forced to make alternative of those cipher especially TLS. Also, if quantum computer evolved, those asymmetric encryption will be broken but symmetric encryption is sill relatively safe (unless new powerful algorithm is invented). I have Tresorit account, but their 2MB file size limit is deal-breaker for me. Also I hope their Android app to support more file types other than pic and video. Anyway, thanks for your link, I didn't know the article referenced in your link. I'm glad they explain their encryption much better than either SpiderOak or Wuala, and I agree that TS would be bit safer than SO. Note, but it also have your private key (of course encrypted by AES so nobody can decrypt it unless he know the passphrase) on server. It's different key from what they claim don't share that is either decrypted private key or public key for sharing. Also I have a bit of question about their cipher, e.g. why they use CFB mode which is not the best IMO. But it's a thing I should ask in email or so...
Thanks for the explanation about how Mozy is different. I read that a researcher at John's Hopkins, critiqued SpiderOak, Wuala, and Tresorit, because they store an RSA key on their server for sharing purposes. For what it's worth, SpiderOak responded and said this is just wrong and not how their service works: https://blog.spideroak.com/20140422081925-response-to-study-citing-design-flaw-puts-privacy-risk There is also a bit of a response from Tresorit part way through this review of their service, where they claim the Hopkins study if flawed: https://www.reviewtechnica.com/2014/07/tresorit-review.html I don't know that this responds to your concerns, but thought it might interest you. When I look at the pricing chart on Tresorit's site, it seems to say the file size limit for free accounts is 500 MB. https://tresorit.com/pricing Perhaps a recent change? It does seem like you may be expecting to get a lot for free. I see the benefit of storing the private key on your own machine. But if Mozy is really the only service that meets your fairly specific criteria, maybe you have to pay to get what you want.
I think you misunderstood me. I don't have concern about their holding private key. I posted about Mozy cuz OP asked service which don't hold private key, and I described it as you questioned about difference. I haven't used Mozy myself. Also I don't actually fear P=NP problem, tho bit fear quantum computer. Nevertherless, your post was valuable for me. I downloaded the researcher's paper, but it's hard to read it in short time partly due to my lack of English skill. But so far for me SO's answer looks bit pointless. They pointed out misunderstanding of some technical implementation but haven't addressed fundamental security concern (I may be wrong tho). TS seems to have given a bit better response. Wow, I guess they changed if it is not my wrong memory! Now they may become competitor. I don't hesitate to pay money for really good service. Currently I use Cyphertite which I think the safest so far. Tho it's upload & download are slow and it doesn't offer sharing feature, it is compatible with Linux too and their support is responsive, they even clearly answer technical question. See this thread if you have time. [EDIT] BTW, Wuala actually offer free account up to 5GB.
As far as I see, there is no free service which encrypts the data without storing the private key in the company's server and is also working with major cloud services
Different approach to this .... I backup data to mainstream cloud providers like MS OneDrive, box.com and google using duplicati backup software. Duplicati encrypts and decrypts locally (AES or GnuPG .. your choice). Duplicati has built in capability to connect to cloud providers in a variety of ways: SFTP, FTP, WebDav, S3, or using the provider's API (if it's published). The above method handles scheduled backup. For real-time synchronization across my devices, I do not trust any of the public providers to hold my encryption keys. I prefer self-hosting file sync among my trusted devices using Syncthing - which is open source, and uses TLS encryption in transit. The files are unencrypted on each device, but these are MY devices.
deBoetie: I've been a Duplicati user for 4 or 5 years. It's an excellent multi-purpose backup tool. Contains just about every backup feature one could imagine (except for imaging). Fairly short learning curve. Duplicati chunks your upload into smaller randomly named files of 10, 20, 50Mb (this is configurable). I like this because it obscures the metadata from the original file and makes it unidentifiable at the cloud storage backend. Add AES or GPG encryption, and its quite secure. 1.3.x is the stable release, although I have been using 2.0 beta for several months. 2.0 is still being developed, and doesn't yet have the full feature set. For example, doesn't yet have an installer, or run as a service in Windows. 2.0 hasn't failed me so far; has a potentially more robust backup/restore engine, and an updated approach to full and incremental backups.
VIIVO is best, and free. I can verify they have NO METHOD to know your data, or to decrypt it. https://viivo.com/
Thanks a lot for the feedback - I looked at it back then, but didn't want to bite the cloud backup bullet at that point. I liked their scheme for making the differential aspects of the backup efficient and metadata opaque - and I think that's fairly unique. Maybe I'll reconsider for medium sensitivity stuff.
You're right, I misunderstood. Forgot that you're not the OP. Thanks for the link to Cyphertite. I'll check them out. * I agree with Tadoussac that strickly from a security perspective options like Duplicati and Syncthing are, at least in principle, better. If everything is encrypted on your own machine first, then you maintain control. Of course you have to trust the devs of those programs and you have to trust that the open source code is actually reviewed by third parties. As we learned with shellshock, the code is not always reviewed and a major bug can sit unnoticed for more than two decades. So relying on software that other people wrote does not wholly get one out of the trust problem.
SafeMonk, nCryptCloud, DataLocker, Sookasa also store encrypted private key on server, so I guess you're right. If I choose GPG with, say, RSA, does it offer option not to store private key on server? I wonder what backup vendor other than Mozy offer not-to-store private key option. By not-to-store I mean exact definition, so I don't count a service which holds encrypted (by symmetric key) private key. Just for curiosity. Many vendor claim and offer the same thing: store only encrypted private key w/out access to the password. But anyway they store private key. "Although we do not store your passphrase or private key on the server, Viivo does support passphrase recovery through a secure process that uses data on the server with data on your Viivo-enabled device." I don't say they are not secure, but they should use correct word: "we do not store your passphrase, and although we store your private key, they are encrypted by your passphrase so even our worker can't access your private key." And for real paranoid, recovery process is just another potential attack surface even though they can do nothing from server side only. NP. I'm comming to the same conclusion after seeing Heartbleed, Shellshock, and lecent one. After all, conclusion will be secure software is secure, insecure is insecure, regardless of if it's open source. But I think at least about risk of backdoor, wide-adopted OSS will have advantage relatively.
My default encryption setup with Duplicati is AES-256, although I have also tested it using GPG. If you're running Duplicati with GPG, there is no key exchange with the cloud service server. The encryption (and decryption when restoring) takes place entirely on your device. You are basically executing "encrypt to self" - which means that your private and public keys never leave your machine. The only data the remote server receives from you is a series of compressed, encrypted, metadata-wiped files .
I actually lost my Viivo passkey, and worked with them for almost a week to try and recover it. Unfortunately it wasn't recovered, and that's when I realized that they actually don't have access to the passkey, and they can't recover it unless the entire machine is the way it was before. So what I think is, they use a combination of your passkey, with machine credentials to generate an encryption key. But they don't have access to the salting method, which is information from your device to create a new passkey for you. After a week of trying to piece if back together we gave up, they gave up.
Yes, I agree that widely adopted open source software is probably as good as it's going to get, unless you're going to (and can) write the code yourself. But a lot of these new privacy and security projects and products, whether they are services or freeware to deploy yourself, are fairly small projects. They happily promote their open source nature as a reason that they are more secure, which, again, in principle is true. But it really doesn't mean that anyone has reviewed the code. And I think open source software users and coders can easily become complacent about the difference between principle and practice. Also, even in large, widely adopted projects, they can change so rapidly or be so huge, that effective and timely reviews of code are not so practical. It's one of the arguments the main dev of Qubes OS makes for not relying on the Linux kernel and instead using the Xen hypervisor at the basis for that system. She points about the the kernel is tens of millions of lines of code. How often is that fully reviewed? And only one needle in that haystack can compromise a whole system. Comparatively the Xen hypervisor has a few hundred thousand lines of code. See: http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html I guess we really need a couple competing clearing houses that review code regularly and post the results, so we know what has and has not been reviewed. Maybe, this exists, I haven't really looked around. The only thing I've seen like this is an EFF review of encrypted messaging apps, that includes in their checklist whether or not there has been a recent code audit: https://www.eff.org/secure-messaging-scorecard.
I'm getting much closer to resorting to that in desperation! Even there though, I'd rely on a range of crypto libraries for very good reasons, although I would probably combine several distinct paths (e.g. AES and TwoFish, and several different KDF). My opinion is that the review/audit/quality problem is not going to improve until corporations are made properly financially liable for leaks, and are able to use a mitigation that they had done proper due diligence on their controls. But what we're seeing from the legislators is actually the opposite. Having weakened encryption and attacked the internet, they're now intent of giving corporations immunity and passing even more draconian laws against attackers.
Yeah, I don't really know what the solution is. I understand that companies, like Google, Microsoft, etc., are starting to pay security experts for finding bugs, rather than ignoring them (and often times allowing the exploits to be sold abroad on black/grey markets for such things). I guess that's a step in a better direction. Apple seem to be the slowest to come around of the major ecosystems. I guess if they paid people who discover bugs in their system then they'd have to admit that it's not perfect. Of course, there's no money like this to motivate code audits in the open source world. Not sure how that could be organized better. It's definitely true that there should be more consequences for bad security. Business don't care much and even banks can be really lax on their IT. I think they just calculate fraud as an operating cost and decide whether the inconvenience of being more secure would cost them more money (by alienating customers) than tolerating a certain level of fraud. This is how the credit card (and other aspects of the credit issuing) industry has worked for decades. Isn't that why 142395 was suggesting Mozy in the forth post of this thread? They're not free but apparently there is an option to store the encryption key on your own system.
