I’m new to the community and considering the paid version. I am most interested in the encryption add-on as integration of encryption for cloud services is decidedly lacking. I have read everything available on the encryption process with odrive. However, there are a few additional questions that I have.
I understand the encryption process is to generate a random salt, and then calculate a 256-bit key using PBKDF2, given the salt and a passphrase. In addition, I understand the plain text is then hashed using SHA256 and AES/CBC is used to encrypt the (?hashed plaintext) with the key and initialization vector.
My questions are (note, some may be redundant - in that in answering one you may answer the others):
- Can you please explain the decryption process?
- Is the encryption symmetric or asymmetric? Is there a public and private key? Your explanation on the website gives the impression that this is symmetric encryption. If so, (see next)
- Where is the key stored? This is super important. Is the key stored on the odrive server? Or is it stored on the local drive? Is the key itself encrypted? How?
- Are the file names encrypted? How about the directories?
- Are the file sizes consistent? Or are they randomly increased/decreased?
While there are many encryption apps out there that work with cloud storage, they don’t integrate well with multiple providers, and each has its drawbacks. It would be great to have an all-encompassing solution in the form of odrive IF the encryption is done well. Boxcryptor is the dominant closed-source player and their encryption process is well outlined on their website. Cryptomator is the dominant open-source solution and they also fully spell out their encryption and decryption process. Overall, I’m far less concerned that a hacker would be able to decrypt an encrypted file using brute force. I’m much more worried about the peripheral issues involved with encryption because hackers are much more likely to target ways of hijacking keys and passwords. A clear explanation of the process is critical because with encryption, if it’s not spelled out directly, one has to assume the worst case scenario. So your answers, and any additional details you can think of, would be greatly appreciated.
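Added example, not part of the original post and not odrive's code: a generic sketch of two properties of the primitives named above. A PBKDF2-derived key can be recomputed from the passphrase and the stored salt, so the key itself need not be stored, and AES-CBC output length tracks plaintext length to the nearest block. The iteration count, salt length and PKCS#7 padding are assumptions for illustration, not odrive's documented parameters.

```python
import hashlib
import os

# Assumed parameters (illustrative only, not odrive's documented values).
ITERATIONS = 200_000
SALT_LEN = 16
AES_BLOCK = 16  # AES block size in bytes; fixed by the cipher itself


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Derive a 32-byte (256-bit) symmetric key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS, dklen=32
    )


def cbc_ciphertext_len(plaintext_len: int) -> int:
    """Ciphertext length for AES-CBC, assuming PKCS#7 padding.

    PKCS#7 always adds 1..16 bytes, so the output is the next multiple of
    the block size strictly greater than the plaintext length. File size is
    therefore visible to the storage provider to within 16 bytes.
    """
    return (plaintext_len // AES_BLOCK + 1) * AES_BLOCK


def key_is_reproducible(passphrase: str) -> bool:
    """Show that only the salt must be kept alongside the ciphertext."""
    salt = os.urandom(SALT_LEN)              # random per file, stored in the clear
    key_at_encrypt = derive_key(passphrase, salt)
    key_at_decrypt = derive_key(passphrase, salt)   # recomputed, never stored
    return key_at_encrypt == key_at_decrypt


if __name__ == "__main__":
    print("key reproducible from passphrase + salt:",
          key_is_reproducible("constructed sample passphrase"))
    for n in (0, 15, 16, 1000):
        print(f"plaintext {n:5d} bytes -> CBC ciphertext {cbc_ciphertext_len(n)} bytes")
```

Any header a real file format prepends (salt, IV, stored hash) adds a fixed offset to these lengths; that layout is not described in the post.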