Quote:
Originally Posted by Darqref
From what I've read of the original proposal, the whole point of the service is for the service to use an encryption that they themselves cannot break - therefore cannot provide the content to authorities even if provided with a search warrant, since they won't hold the decryption key. While the user may control the resulting decryption keys, I don't believe they can specify the ENcryption key, which makes it hard to specify someone else's public key at the start of the cycle.
|
It's possible they could just be enabling strong symmetric encryption to be used. They themselves would not know the pass or key used to encrypt the file and can't decode it. However, that would really be little different to anyone encrypting a file today, uploading to dropbox or any other file locker and then sending the password out to the group (or using a pre-arranged password).
Quote:
Unless there's an encryption within another encryption, with the whole private/public keys on the inside of whatever other encryption the service uses, but you're still left with a specific key for the file which must be distributed to allow someone else to use the file.
|
I'm not sure how much you know about pub/priv key encryption, but since many on here may not be familiar with it, even if you are, I'll post a bit more detail anyway.
In short, even if the host is aware of the public keys for every one of their users, they still could not decrypt/determine what any given file on their service is.
I'm not sure about the details of this particular service, I don't know who it is that's come up with the idea, so if anyone wishes to provide a link to any technical information (assuming any exists) I'll give it a read.
That said, usually with public key encryption each user generates a private key/public key pair. They keep the private key private and distribute the public key to any/all who may want to send them an encrypted email/file/data.
The file itself is encrypted with a randomly created password that's just for that file and the file can only be decrypted if you know that random password, which obviously nobody can know as it's random (symmetric encryption).
So, the person who does the encryption of the file, also encrypts the random password using the public keys of each person they want to allow to decrypt it. Once public keys have been obtained by whoever needs to upload a file (a one-time process), there's nothing that needs distributing other than the encrypted file and future files to the internet as a whole. Only those people whose public keys were used to encrypt the random password have any real hope of ever knowing the contents of the file.
In the case of a cloud service, that would mean encrypted files could be uploaded to it and stored without the host being able to know what the contents are nor know that another 50 files on their service are also the same movie.
This is all something that could be done with existing cloud services or even p2p, however, in all cases the issue is the complexity involved. The problem the service faces is making the process of getting the public keys from other internet users whom you wish to allow to decrypt the file, without making the mistake of admitting someone who enforced copyright infringement into the group.
If the software provides any way to do that in a trivial manner, then from that moment on, there's little copyright holders can do, as they'll have no way of knowing if one file or another is the latest hit album or movie or just random bytes of junk.
Quote:
While I won't say it's impossible, I think this particular service won't easily enable the public/private key groups discussed above. It WILL enable the service to be strict about take-down notice requirements.
|
As mentioned above, I'm not aware of the specifics of the service, I'd appreciate a link to any relevant technical info though, then I can revise my assumptions on how it could work.
For the service to be any different to what is currently possible, they'd need to make the distribution of public keys to others trivial. Everything beyond that could be largely made transparent to the end users.