

How to prevent Cylons from taking over your data (or how Zumodrive does it) - bbgm
http://blog.zumodrive.com/sometimes-you-have-to-roll-a-hard-six

======
sweis
This sends the file in transit over SSL, but encrypts the data at rest on EC2.
That means you must completely trust EC2.

Worse, based on the comments in the blog, it is unclear who has the key that
is used to encrypt the files: hotzyco: "What key AES uses to encrypt files?"
Response: "Sorry hotzyco. We can not give out that information."

If Zumodrive controls that key, they have access to your data.

~~~
rlpb
I think they need to tell us pretty quickly that they aren't using the same
key for all data.

I hope they can!

~~~
shrughes
Since they'd want to deduplicate equal files across different users, to save
bandwidth and storage costs, I imagine the keys they use won't be user-by-
user. They'd be defined file-by-file, or block-by-block, with the keys being
stored elsewhere (but where?), or there's just one universal master key.
Considering their security is just theatrical in nature, I'd bet they have one
master key.

~~~
shrughes
I'm being dumb in the previous posting. I know.

------
jasonlbaptiste
No, they'll create a humanoid form Cylon that's a tremendously hot blonde. She
will seduce you and steal the encryption keys. "All this has happened before,
and all this will happen again."

------
bugs
NOT RELEVANT TO DISCUSSION:

Here's something for all you people who run blogs for your app or business or
something.

Please LINK to your actual app/business/something so I can click my way there.

