Problems about sync and encryption

Hi, thank you for making such a useful tool. However, there are some problems I experienced lately:

  • Files are locked during the sync process. This affects programs working with temporary files, like download managers. I can’t even rename a newly created txt properly, since odrive needs to upload the “New Text Document.txt” first.

  • There is no way to change the password of an encrypted folder. User passwords are usually simple and easily leaked in practice; hence, it is necessary to change them regularly. I understood that deriving the file encryption key directly from the user password makes this nearly impossible when it involves a large number of files. Maybe using random keys for encryption and storing them in a dedicated “key file”, then securing this “key file” with the user password, is better?

  • I have a concern about the AES/CBC method. I’m not an expert but in my experience AES/CBC is hard to implement properly. Is there any audit or analysis about the encryption method odrive is using?

I just want to be serious about security; after all, “seems security” is the worst thing. I’m happy that finally there is a one-site solution that meets all my needs. Thank you!

Hi, thanks for your thoughtful feedback.

  1. We will look into locking modes.
  2. We are planning to implement a keychain file with a changeable password.
  3. We use PyCrypto for encryption. The specific methods are in the encryption add-on page’s FAQ.

The encryption add-on is a serious security module. We take every step possible to maintain the maximum strength of the underlying AES encryption. However, as you correctly pointed out, the entire thing is only as secure as the user’s encryption passphrase. To get true zero-knowledge encryption, the user must take responsibility for the key.
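
The "key file" idea raised in this thread, as an added sketch that is not odrive's code or design: a random data key encrypts the files, and only a small wrapped copy of that key depends on the passphrase, so a passphrase change rewrites one record instead of every file. The function names, JSON layout and PBKDF2 work factor are assumptions, and to stay standard-library-only the wrap is an XOR with a one-time KDF-derived mask plus an HMAC tag, where a production design would use AES key wrap or an AEAD from a vetted library.

```python
import hashlib
import hmac
import json
import secrets

ITERATIONS = 210_000  # assumed PBKDF2-HMAC-SHA512 work factor for this sketch


def _derive(password, salt):
    """Stretch the passphrase into a 32-byte mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap(data_key, password):
    """Return key-file JSON holding data_key protected by the passphrase."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so a mask is never reused
    mask, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return json.dumps({"salt": salt.hex(), "ct": ct.hex(), "tag": tag.hex()})


def unwrap(key_file, password):
    """Recover the data key, rejecting a wrong passphrase or a modified file."""
    f = {k: bytes.fromhex(v) for k, v in json.loads(key_file).items()}
    mask, mac_key = _derive(password, f["salt"])
    expected = hmac.new(mac_key, f["salt"] + f["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, f["tag"]):
        raise ValueError("wrong passphrase or corrupted key file")
    return bytes(a ^ b for a, b in zip(f["ct"], mask))


def new_key_file(password):
    """Create a random 256-bit data key and wrap it under the passphrase."""
    return wrap(secrets.token_bytes(32), password)


def change_password(key_file, old_password, new_password):
    """Re-wrap the same data key; encrypted files are left untouched."""
    return wrap(unwrap(key_file, old_password), new_password)
```

A passphrase change in this scheme leaves the data key unchanged, so anyone who already holds an old key file together with the old passphrase can still recover it; recovering from a leaked passphrase also requires rotating the data key and re-encrypting the files.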