Is Your Cloud Drive Really Private?

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
If you think for one minute that the information you have stored in the cloud is safe and secure away from prying eyes, you need to think again. Data stored in a cloud storage account is routinely scanned by electronic sweeps on patrol for illegal entries by some storage providers. You should feel much more safer and secure knowing that Big Brother is watching over your files just for you. :D

"There are two opportunities to look at content," when it's going into a cloud-storage account and when it's leaving, she said. "There is technology to do this," Grant added, pointing out that file signatures — unique hashes or fingerprints — could be used to confirm the nature of the files.
Click to expand...
 
Oh hey, the very reason nobody wants to go cloud. You know besides data caps.
 
It's OK, guys. The guy from the article last week said that the cloud is the future and we must all dump our personal storage devices and assimilate.
 
Does the phrase entrapment mean anything?

If Verizon is scanning people's drives for child porn, that means they are acting as an agent of law enforcement because their purpose is to identify activity that the state deems illegal. As such, that means that any search like that is the same as a search conducted by police and subject to the same requirements.
 
not at all if you cloud storage your a tard as all anyone needs is suspicion and they will hand over your data w/o a fuss cause it is no longer yours its in their cloud so they can do with it as they wish even turn you in for it
 
oh onto the legal aspect of this argument their are no laws protecting your data from misuse abuse or snooping by the feds after all the cloud is the future one i am happy to pass on
 
Let us store all your data! We wont look at in once its here we promise!! only when you send and take it :p
 
I have probably 2000 pictures of my dog and a few hundred cat pictures on the Skydrive. I would love it if MS shared them with the entire world. I want them to be the first images that come up whenever someone Googles "Jake" or "Mr. Meepers". Actually, I just searched for Mr. Meepers and it looks like another cat has already stolen his identity. Pathetic, another reason not to trust Google.

I am completely over any ideas of internet privacy. I will never trust the companies involved to do what is right. All I hope for now is full disclosure so all but the truly stupid understand the deal.
 
Problem with a cloud server, if a warrant is granted for data on for someone's data. They come and take all the servers in question for the said cloud instance. SO everyone that has data on it well your data is taken as well. Only real way to protect it, store it on multi-clouds with Trust no one encryption (for less techie people, encryption that YOU are only one with the key's to decypt the data)
 
swimming pool said:
I have probably 2000 pictures of my dog and a few hundred cat pictures on the Skydrive. I would love it if MS shared them with the entire world. I want them to be the first images that come up whenever someone Googles "Jake" or "Mr. Meepers". Actually, I just searched for Mr. Meepers and it looks like another cat has already stolen his identity. Pathetic, another reason not to trust Google.

I am completely over any ideas of internet privacy. I will never trust the companies involved to do what is right. All I hope for now is full disclosure so all but the truly stupid understand the deal.
Click to expand...

The problem is that your lawyer's assistant, doctor, real estate agent, etc. might be storing your records on the cloud unencrypted.
 
Qinsp said:
Unless you are using a different key for each file, and using your own formula, a supercomputer can use brute force to guess your key. Most encryption at the consumer level is well-documented, In fact, some can be broken by a fast PC.

http://www.accessdata.com/products/digital-forensics/decryption
Click to expand...

That sounds more like a program to get passwords out of password database files that are stored under standard Hash programs. Not quite the same thing as strong file encryption.
 
Qinsp said:
Unless you are using a different key for each file, and using your own formula, a supercomputer can use brute force to guess your key. Most encryption at the consumer level is well-documented, In fact, some can be broken by a fast PC.

http://www.accessdata.com/products/digital-forensics/decryption
Click to expand...
I'm not sure what that link to a software vendor is supposed to prove, and the fact that strong encryption available to consumers is "well-documented" doesn't make it any easier to break. If the cryptography is done correctly both with regard to the algorithms used and the way they're implemented, and you use a sufficiently long and complex passphrase, no computer ("super" or otherwise) will break it within the lifetime of the universe. At least, not with current technology.

Having said that, if you really have pissed off "the wrong folk," there are far simpler (and cheaper) ways of extracting a password, which don't involve any kind of computing power whatsoever. :)
 
nick8571 said:
I'm not sure what that link to a software vendor is supposed to prove, and the fact that strong encryption available to consumers is "well-documented" doesn't make it any easier to break. If the cryptography is done correctly both with regard to the algorithms used and the way they're implemented, and you use a sufficiently long and complex passphrase, no computer ("super" or otherwise) will break it within the lifetime of the universe. At least, not with current technology.

Having said that, if you really have pissed off "the wrong folk," there are far simpler (and cheaper) ways of extracting a password, which don't involve any kind of computing power whatsoever. :)
Click to expand...

You're right if your password is random and long. WAG = 12+ char?

If it's 8 char of letters and numbers, a notebook can crack it. And everything else lies in between.

A typical person who clicks on "encrypt my drive" is going to be vulnerable.

A typical university supercomputer is equal to 100,000 desktops. Who knows what the Gov't really owns? They'll admit to 250,000 times an average desktop.
 
Check my math. If you have a random 16char password, to crack it in 3 days requires 1E25 guesses per second? Current tech ain't even in the ballpark yet.
 
Brute force, assuming total randomization in both chars and length, and no shortcuts.
 
jpm100 said:
The problem is that your lawyer's assistant, doctor, real estate agent, etc. might be storing your records on the cloud unencrypted.
Click to expand...

Isn't it the same problem if they are storing records on non-cloud internet-connected remote-storage?

A lot of the problems people have with "cloud" computing seem to me to be the same problems we've always had with any kind of remote computing.
 
Qinsp said:
Unless you are using a different key for each file, and using your own formula, a supercomputer can use brute force to guess your key. Most encryption at the consumer level is well-documented, In fact, some can be broken by a fast PC.

http://www.accessdata.com/products/digital-forensics/decryption
Click to expand...

I had originally typed up a long ass post but decided it was taking too long to write up for a random reply in a random part of the forums :p, and instead of deleting it all I'll post it partially completeled if anyone cares to read it. It's probably inaccurate, but oh well. Someone else can add to it if they want.

A 1 bit key looks like this: 1 (2^1= 2 possible key combinations (ie its either 1 or 0))
A 2 bit key looks like this: 10 (2^2 = 4 possible key combinations)
An 8 bit key looks like this: 10000000 (2^8 = 256 possible key combinations)
A 16 bit key looks like this: 1000000000000000 (2^16 = 65,536 possible key combinations)
A 32 bit key looks like this: 10000000000000001000000000000000 (2^32 = 4,294,967,296 possible key combinations)
A 64 bit key looks like this: (2^64 = 18,446,744,073,709,551,616 possible key combinations)
A 128 bit key looks like this: (2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations)
A 256 bit key looks like this: (2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible key combinations)

Now we take a look at distributed.net, a 5870 GPU can crank out about 1.5 - 2 billion keys a sec

distributed.net has kind of fallin by the wayside I think in terms of popularity though, the real hardcore players are bitcoin mining, so let's take a look at what a 5870 can do there, where the big boys are playing, and the mining statistics. A 5870 GPU there is cranking out about 400 million hashes a sec. So if a 5870 can crank out 2 billion RC5-72 keys a second and 400 million hashes a second in mining, assuming everything else is equal (its not, but lets pretend), 2billion/400million = 5, that means we should be able to take the total output if bitcoin mining and multiply it by 5 to see a rough estimate on how effective it would be on RC5-72 keys. Since people are doing some insane shit mining bitcoins, what is the total output rate of all miners? According to this its close to 50 TRILLION hashes a second, or 250 trillion RC5-72 keys a second.

A 72 bit key is 2^72 or 4,722,366,482,869,645,213,696 possible combinations

distributed.net is cracking RC5-72 at about 600 billion keys a second, and there is no end in sight:

Code: 
4,722,366,482,869,645,213,696 possible combinations
              600,000,000,000 number of keys/sec current distributed.net RC5-72 cracking is currently doing on average  

7,870,610,804 seconds to test all possible combinations
or
131,176,846 minutes
or
2,186,280 hours
or
91,095 days


If the entire bitcoin community came in at 250 trillion keys a second:

Code: 
4,722,366,482,869,645,213,696 possible combinations
          250,000,000,000,000 number of keys/sec the bitcoin mining community could be doing cracking RC5-72

18,889,465 seconds to test all possible combinations
or
314,824 minutes
or
5,247 hours
or
218 days

That's a pretty impressive difference.. but what about a 128 bit key for the bitcoin community?

Code: 
340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations
                                250,000,000,000,000 number of keys/sec

Yeah it's going to be a long long long time to break a 128 bit key even at bitcoin mining rates. A 256 bit key is out of the question.
 
PornoSatan said:
...
Yeah it's going to be a long long long time to break a 128 bit key even at bitcoin mining rates. A 256 bit key is out of the question.
Click to expand...

Just rambin'...

Here's a binary 128 bit code. 16 chars. However most passwords cannot have top bit flipped. In decimal, you can use char 33 to char 126 or 92 different chars out of 256 bits.

So in truth, a normal password is 92^16, not 256^16. Big difference. But like I said, after 12 password chars, the point is moot. That's 92^12.

  1. 10101010
  2. 10101010
  3. 10101010
  4. 10101010
  5. 10101010
  6. 10101010
  7. 10101010
  8. 10101010
  9. 10101010
  10. 10101010
  11. 10101010
  12. 10101010
  13. 10101010
  14. 10101010
  15. 10101010
  16. 10101010
 
security.png
 
dgz said:
security.png
Click to expand...

This. Your data is safe unless you have classified Government documents or something of equal value stored on the cloud , you should stop worrying.

Even if someone wanted at your information , the amount of resources and time would make it likely illogical versus not bothering.
 
The truth is it's not private.

The other truth is no one gives a shit what is in your "cloud" storage. You are not a famous person. :p
 
You must log in or register to reply here.
Back
Top