I just heard about odrive when hearing about a competitor’s exciting new endeavor not supporting Linux, and thought this sounded promising. I haven’t tried it yet, but I’m particularly interested in the encryption add-on, because it could allow me to stop using my horrible EncFS layering.
One of the issues I have with EncFS on cloud storage is that it is not authenticated: the blocks are encrypted so that they can’t be read, but it can’t be verified that the contents were not modified by an adversary. AFAIK, there are some possible attacks that can be performed with this property.
I read the FAQ which adequately describes what the encryption add-on is actually doing, but it doesn’t mention anything about authentication. So my question is, does odrive encryption do any authentication on encrypted blocks? If not, I’d like to request that feature. When it comes to encryption, nothing is too paranoid, and this is a practically exploitable weakness. Throwing HMAC-SHA256 at each block optionally would be nice.
Hi,
Thanks for reaching out. The current scheme does not implement authentication, but we are discussing this for our next iteration of encryption, which is in the works.
Encryption provides you with confidentiality, but it doesn’t guarantee integrity. Using an authenticated cryptographic hash or signature provides this.
If somebody flips a bit in a block of encrypted data, they can not know what the exact result of that may be, but the result will in fact decrypt to something else, and that may cause the client to respond in a way that leaks information back… Recently when EncFS was audited it was found that this could be exploited by an adversary capable of reading and writing to encrypted files without knowledge of the keys.
Exactly how a practical attack may work isn’t too important; it’s best to be resilient against integrity issues in the first place.