
Due to the manner in which data is client-side encrypted (password-based keys, password not stored on their servers), they can hand your (encrypted) data to any government with no ability to decrypt it. Now, depending on the outcome of some cases before US Courts right now, you might be compelled to provide the password to unencrypt the data. It's also worth noting that the password-based asymmetric encryption schemes are less secure than the arbitrary key based ones, but still it's better than nothing. In my case, I'm sold by the fact that they provide more free storage than Dropbox and have a much better Linux client (based on a FUSE plugin, a much nicer architecture in general).


As it's closed source, isn't it entirely possible that the client keeps copies of the keys that are accessible on demand from the server end? (I guess that counts as a backdoor of sorts.)


Open source is an incomplete defense against this - I don't know of a way of proving what software is running on a remote host.



