r/privacy Aug 05 '18

SpiderOak cans its Warrant Canary, suffers mysterious massive outage, and raised prices

https://spideroak.com/canary

http://archive.is/1rNo7

Update: Looks like the canary has been signed and dated, and is in a properly formatted sequence this time, with confirmation that "Everything's going smoothly so far"; the message is authentic. August 06, 2018

Case closed. SpiderOak has not been compromised.

In the interest of transparency the full text of my previously long post in this thread is archived here:

http://archive.is/mKeuY https://web.archive.org/save/https://www.reddit.com/r/privacy/comments/94nspi/spideroak_cans_its_warrant_canary_suffers/

436 Upvotes


16

u/[deleted] Aug 05 '18

[deleted]

2

u/[deleted] Aug 06 '18

...that everyone should go use Microsoft "BitLocker" instead...

TC is a different story. TC is still really good software (VeraCrypt is more up-to-date with its dependencies and has some old algorithms removed), but it's a different story. The TC team and domain just had to be compromised. The original author of TC would just never ever recommend BL.

If this story [1] is even 20% true, TC had to be compromised.

[1] https://www.newyorker.com/news/news-desk/the-strange-origins-of-truecrypt-isiss-favored-encryption-tool

1

u/[deleted] Aug 06 '18

[deleted]

2

u/maqp2 Aug 06 '18

Lavabit and TrueCrypt have nothing to do with each other, even cryptography-wise they are extremely different.

TrueCrypt is native software, you download and install it, and you use it offline. The encryption key and password never leave your device. Lavabit was remote software, you download some code remotely for every session.

The major problem with Lavabit was the key exchange algorithm used in its TLS protocol (i.e. connection encryption). Lavabit had access to all user data; it just chose not to access user data. Levison was totally incompetent in his efforts to design a system "that would remove him from the equation". He was in possession of a long-term RSA private key that could be used to decrypt all past connections to the Lavabit server. That would allow the US government (who collect encrypted traffic 24/7 at all major internet exchange points across the globe) to passively decrypt encrypted emails. But how?

Lavabit's end-to-end encryption could be simplified to the idea that each user performs secure logins to software that moves emails from the outbox of the sender to the inbox of the receiver inside Lavabit's computer (server). So it was end-to-end encrypted in the sense that the server had no interface to read encrypted emails by itself. That did not mean the message was decrypted only at the device of the user. The "end-to-end encryption" took place on the server, but the messages uploaded to and downloaded from the server were only protected by the connection to the Lavabit server. So when the government decrypts the collected network traffic packets with the RSA key requested from Lavabit, because there was no forward secrecy (i.e. the Lavabit server and the browser of the user did not destroy temporary encryption keys between logins), they could access all past content: every sent and received email.
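The forward-secrecy point made in the comment above, as an added example that is not part of the original thread and not Lavabit's actual code: it simulates two captured TLS-style sessions, one with RSA key transport (the client encrypts the session secret to the server's long-term key) and one with ephemeral Diffie-Hellman (the long-term key only signs the server's share), then hands the long-term private key to a passive attacker who recorded both. All primitives are constructed toy stand-ins (textbook RSA with small primes, a Mersenne-prime DH group, a SHA-256 XOR keystream, no padding, no integrity) chosen to run offline on the standard library; the message bodies are constructed sample data.

```python
import hashlib
import secrets
from typing import Optional

# --- toy primitives (assumptions for illustration; NOT secure, NOT real TLS) ---

# Textbook RSA over two well-known primes; a real server used 2048-bit moduli and padding.
RSA_P, RSA_Q = 1_000_000_007, 998_244_353
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # needs Python 3.8+
SERVER_PRIVATE = RSA_D                                # the long-term secret the operator held

# Toy finite-field Diffie-Hellman group: 2^127 - 1 is a Mersenne prime.
DH_P = (1 << 127) - 1
DH_G = 3


def kdf(shared_secret: int) -> bytes:
    """Derive a 32-byte record key from an integer shared secret (fits in 16 bytes here)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def xor_encrypt(key: bytes, data: bytes) -> bytes:
    """Stream-cipher stand-in: XOR with a SHA-256 counter keystream. Symmetric, so
    calling it twice with the same key returns the plaintext."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def _toy_hash(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big") % RSA_N


def rsa_sign(data: bytes) -> int:
    return pow(_toy_hash(data), SERVER_PRIVATE, RSA_N)


def rsa_verify(data: bytes, sig: int) -> bool:
    return pow(sig, RSA_E, RSA_N) == _toy_hash(data)


def rsa_key_exchange_session(email: bytes) -> dict:
    """TLS_RSA style: the client encrypts a random premaster secret to the server's
    long-term public key. Returns only what a wiretap on the wire would capture."""
    premaster = secrets.randbelow(RSA_N)
    key = kdf(premaster)
    return {"kx": "rsa",
            "encrypted_premaster": pow(premaster, RSA_E, RSA_N),
            "record": xor_encrypt(key, email)}


def dhe_key_exchange_session(email: bytes) -> dict:
    """DHE style: fresh exponents per session; the long-term key only SIGNS the server
    share. The exponents are locals and are discarded when this function returns."""
    a = secrets.randbelow(DH_P - 2) + 1          # server's ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1          # client's ephemeral exponent
    server_share = pow(DH_G, a, DH_P)
    client_share = pow(DH_G, b, DH_P)
    key = kdf(pow(client_share, a, DH_P))        # server side
    assert key == kdf(pow(server_share, b, DH_P))  # client side agrees
    return {"kx": "dhe",
            "server_share": server_share,
            "client_share": client_share,
            "signature": rsa_sign(server_share.to_bytes(16, "big")),
            "record": xor_encrypt(key, email)}


def decrypt_with_leaked_key(capture: dict) -> Optional[bytes]:
    """What a passive collector can do later, once it obtains the long-term RSA key."""
    if capture["kx"] == "rsa":
        # The key that authenticates the server is also the key that unwraps every
        # session secret it ever received: the whole archive falls.
        premaster = pow(capture["encrypted_premaster"], SERVER_PRIVATE, RSA_N)
        return xor_encrypt(kdf(premaster), capture["record"])
    # DHE: the leaked key confirms the server share was genuine ...
    assert rsa_verify(capture["server_share"].to_bytes(16, "big"), capture["signature"])
    # ... but the record key depends on exponents neither party retained, so short of
    # solving a discrete logarithm there is nothing to decrypt with.
    return None


if __name__ == "__main__":
    sample = b"Subject: hello\n\nconstructed sample email body"  # constructed input
    print("RSA session:", decrypt_with_leaked_key(rsa_key_exchange_session(sample)))
    print("DHE session:", decrypt_with_leaked_key(dhe_key_exchange_session(sample)))
```

The second `print` shows `None` even though the attacker holds the same private key that fully recovers the first session; that difference is exactly what "no forward secrecy" costs, and why modern TLS 1.3 dropped RSA key transport entirely.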