Hi,
i have been asked to give access to all my cloud storage via oauth. I understand this method seems to be seemless and easy but what about my privacy. Do i have to worry that odrive staff has access to those tokens that they can have fulll access to my drive?
Other than this: do you encrypt with AES 128 or 256 bit? If not can you please specify? I understand you dont do this by default. I am talking about encryption feature.
Hi,
Please take a look at this post for lots of info and references:
Information about the encryption process is at the bottom of the referenced odrive Encryption page:
The encryption steps are:
Generate a random salt (S)
Calculate a 128-bit key (K) using PBKDF2 with S and the passphrase
Produce a random initialization vector (IV)
Compute a hash of the plaintext (PT) using SHA256
Get the ciphertext (CT) using AES in CBC mode to encrypt PT+HASH with K and IV
Write to output file S+IV+CT
The encryption process is designed to eliminate all information about the original plaintext in the resulting ciphertext.
Encryption keys are produced using PBKDF2 with the secret passphrase and the salt as input. Each file has a unique key.