…but some things about it don’t make sense. The concept at its elementary level is brilliant: since there is a small (almost infinitesimal) chance that hard disk encryption like AlertBoot could fail in protecting a laptop’s contents, why not split the contents of a file, half residing on the laptop and the other half in the cloud? This way, a stolen laptop only contains gibberish and you’re protected.
In reality, though, is it really necessary? Plus, things are not as rosy as they appear to be.
Given Enough Time = Centuries
New Scientist notes in a blog entry that “encryption is one way to protect your data, but given enough time and ingenuity there is always the risk that a laptop thief could decrypt your drive.” This statement is not quite accurate.
If by “decryption” the author literally means “finding the encryption key” to access the contents of a computer protected with encryption, I find this claim to be highly dubious. The built-in weakness into encryption is chancing upon the encryption key. Hence, encryption keys are made very long. While there isn’t a standard key length, the de facto standard is currently 128-bits as in AES-128 (AlertBoot offers disk encryption software that uses AES-256).
Some calculations claim that the universe would implode before the key can be found to AES-128; others claim it would take several centuries. Three hundred years, give or take a couple of decades, is not “given enough time.” It’s given several lifetimes and then some.
Maybe They Meant Passwords are Cracked
Given this “lifetime” aspect, most hackers find other ways to get into an encrypted system:
Hack the password. It’s generally shorter (much shorter) than an encryption key, and generally not random.
Malware. Infected files and programs are used to surreptitiously install “key loggers” (every hit of the keyboard) to figure out, once again, passwords.
Hack the person. Other ways of finagling a password. Social engineering, blackmail, physical threats, etc.
Notice how none of these involve the encryption key. There’s a simple reason for that. No one memorizes or carries around with them the encryption key.
Cloud Shredder: How Does It Protect Data on Its End?
Noting the above, one has to wonder, how does Cloud Shredder protect its half of the data? I don’t know about you, but I get the feeling that it’s encrypted.
Gorgeous. The solution that comes up as an answer to some perceived weakness uses the same weakness in the solution. Plus, you must always be online in order to use it; otherwise, you’re locked out of your files even if you know your passwords (or can get it reset in less than 10 minutes, such as with our 24/7 encryption password recovery service).
A researcher who’s worked in developing Cloud Shredder notes that this “internet requirement” shouldn’t be a problem due to the ubiquity (coming soon to an area near you) of the mobile internet. I live in area where mobile internet penetration rates are essentially 100%. Let me tell you, it’s great but I won’t rely on it to access my files any time soon.
If I were you, I’d skip this for a good computer disk encryption program and use a strong password.
Update (03 NOV 2011): Other sites covering Cloud Shredder note that the solution ensures that cloud providers won’t peak into your data (think: Dropbox controversy), as opposed to New Scientist‘s focus on data in your laptop. This is a different approach to valuing the technology behind Cloud Shredder. It actually makes more sense that way: your laptop becomes part of a multi-factor authentication solution to ensure your data in the cloud is safe.
Related Articles and Sites: