Use a safer encyption algorithm

Hello Carlos,

Syncany basically supports all Java-compatible synchronous encryption methods. If we used the Bouncycastle provider, we could use the following algorithms: http://www.bouncycastle.org/specifications.html#install (table in section 5.2)

The rest is just a matter of the UI :-)

Cheers

What's wrong with AES? Properly used (CBC or CTR, good keying, etc.), it's pretty standard for secure deployments and is a FIPS standard.

I have to agree with Philipp here, AES adoption has never convinced me
properly.

Kinda like what is happening in GSM networks, quite convenient IMHO...
Unless it really hurts performance, Syncany should have solid security
features (one of the key points of Syncany is that you can host it on your
own server, hence secure your data, so it should be done in the best way
possible - consider the possibilities for enterprises).

Best regards!

On Tue, Aug 30, 2011 at 6:08 PM, Michael Ekstrand <email address hidden>wrote:

> What's wrong with AES? Properly used (CBC or CTR, good keying, etc.),
> it's pretty standard for secure deployments and is a FIPS standard.
>
> --
> You received this bug notification because you are a member of Syncany
> Team, which is subscribed to Syncany.
> https://bugs.launchpad.net/bugs/825986
>
> Title:
> Use a safer encyption algorithm
>
> Status in Syncany:
> Confirmed
>
> Bug description:
> Actually, the algorithms used by Syncany are too unsafe (only AES and
> 3DES). It's a huge security bug IMHO.
>
> Syncany should be able to use safer encyption algorithms like PGP
> (GPG) or AES+Twofish+Serpent.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/syncany/+bug/825986/+subscriptions
>
> --
> Mailing list: https://launchpad.net/~syncany-team
> Post to : <email address hidden>
> Unsubscribe : https://launchpad.net/~syncany-team
> More help : https://help.launchpad.net/ListHelp
>

I said Philipp but I meant Carlos, as it should be clear...

Sorry for the typo.

2011/8/31 João Almeida <email address hidden>

> I have to agree with Philipp here, AES adoption has never convinced me
> properly.
>
> Kinda like what is happening in GSM networks, quite convenient IMHO...
> Unless it really hurts performance, Syncany should have solid security
> features (one of the key points of Syncany is that you can host it on your
> own server, hence secure your data, so it should be done in the best way
> possible - consider the possibilities for enterprises).
>
> Best regards!
>
> On Tue, Aug 30, 2011 at 6:08 PM, Michael Ekstrand <email address hidden>wrote:
>
>> What's wrong with AES? Properly used (CBC or CTR, good keying, etc.),
>> it's pretty standard for secure deployments and is a FIPS standard.
>>
>> --
>> You received this bug notification because you are a member of Syncany
>> Team, which is subscribed to Syncany.
>> https://bugs.launchpad.net/bugs/825986
>>
>> Title:
>> Use a safer encyption algorithm
>>
>> Status in Syncany:
>> Confirmed
>>
>> Bug description:
>> Actually, the algorithms used by Syncany are too unsafe (only AES and
>> 3DES). It's a huge security bug IMHO.
>>
>> Syncany should be able to use safer encyption algorithms like PGP
>> (GPG) or AES+Twofish+Serpent.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/sy nncany/+bug/825986/+subscriptions<https://bugs.launchpad.net/syncany/+bug/825986/+subscriptions>
>>
>> --
>> Mailing list: https://launchpad.net/~syncany-team
>> Post to : <email address hidden>
>> Unsubscribe : https://launchpad.net/~syncany-team
>> More help : https://help.launchpad.net/ListHelp
>>
>
>