Why NOT end to end encryption?

DLeRium

Can anyone explain why Dropbox, Google Drive, WhatsApp, etc. all advertise encrypted data, but the encryption keys are still stored by the provider? We all know the benefits of End to End encryption in that the company has zero knowledge and therefore the government can't snoop, but why do companies not use end to end encryption? Is it just because it's difficult to implement? For compliance reasons?

Let's take Dropbox for example.
 

smakme7757

DLeRium said:
Can anyone explain why Dropbox, Google Drive, WhatsApp, etc. all advertise encrypted data, but the encryption keys are still stored by the provider? We all know the benefits of End to End encryption in that the company has zero knowledge and therefore the government can't snoop, but why do companies not use end to end encryption? Is it just because it's difficult to implement? For compliance reasons?

Let's take Dropbox for example.

It's because responsibility would then be shifted to the user. The whole "If you lose this password you will never be able to get your data back" thing scares people.

They could implement it as an option, heaps of companies do that. Jungle Disk and SpiderOak to name a few.
 

_Rick_

It is possible to not use end-to-end encryption and still not have the means to decrypt the storage in the hands of the provider. This would require using the password to decrypt the encryption key in their storage, and not saving the password on their end, which is generally bad practice anyway.

If you want to store your data away from prying eyes, there's only one way: Roll it yourself, using audited open source software. Renting a VM with a few GB of storage isn't too expensive these days ($200-300 per year should get you something solid). And you'll be fully in control of what's happening. And we all know that control is worth more than trust, especially when it comes to security issues.

As to why everyone does save the keys?
Ease of use, and lack of hassle. They care less about security, and more about getting customers that can use their system without a care.
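The scheme described in the post above (a password unlocks a stored encryption key, and the provider never keeps the password), sketched as an added example that is not part of the original post or any provider's code. The function names and the iteration count are assumptions, and the XOR pad plus HMAC tag is a standard-library stand-in for a vetted key-wrap or AEAD construction.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password, then split it into a one-time pad and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    pad = hmac.new(master, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return pad, mac_key


def wrap_key(password: str, data_key: bytes) -> dict:
    """Client side. The returned record is all the provider ever stores."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh per wrap, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(k ^ p for k, p in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(password: str, record: dict) -> bytes:
    """Client side. Fails closed on a wrong password or a modified record."""
    pad, mac_key = _derive(password, record["salt"])
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    return bytes(w ^ p for w, p in zip(record["wrapped"], pad))


def change_password(old: str, new: str, record: dict) -> dict:
    """Re-wrap the same data key; files encrypted under it stay untouched."""
    return wrap_key(new, unwrap_key(old, record))


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # the key that encrypts the user's files
    record = wrap_key("constructed passphrase", data_key)
    assert unwrap_key("constructed passphrase", record) == data_key
    print({name: value.hex() for name, value in record.items()})
```

The provider can hold `record` without being able to open it, but only if the derivation runs on the client and the password itself is never sent. The same property means a forgotten password leaves the data key unrecoverable, and the record is only as strong as the password against offline guessing.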
 

Anteaus

Not to flip it around, but what's keeping people from encrypting their own data before uploading it to services like Dropbox? In my opinion it would seem to be the ideal situation because there is no key to transmit and while the data is stored offsite, all encryption/decryption can be isolated to a controlled environment onsite. Using third party encryption services could then provide another layer of protection.

Personally, I wouldn't trust any encryption that wasn't applied directly by me. I'm definitely not going to claim any foul play, but if a company like Dropbox put in a back door, how would the end user ever know?
 

seepy83

Anteaus said:
Not to flip it around, but what's keeping people from encrypting their own data before uploading it to services like Dropbox? In my opinion it would seem to be the ideal situation because there is no key to transmit and while the data is stored offsite, all encryption/decryption can be isolated to a controlled environment onsite. Using third party encryption services could then provide another layer of protection.

Personally, I wouldn't trust any encryption that wasn't applied directly by me. I'm definitely not going to claim any foul play, but if a company like Dropbox put in a back door, how would the end user ever know?

Absolutely nothing is stopping you from encrypting your data before uploading it. There are even tools like Boxcryptor that make it very easy for people with low technical knowledge.
 

DLeRium

seepy83 said:
Absolutely nothing is stopping you from encrypting your data before uploading it. There are even tools like Boxcryptor that make it very easy for people with low technical knowledge.

Right, I think the trick is to have a user friendly tool. While TrueCrypt isn't hard either, it's a bit annoying to implement. What if I want to push something from my computer to my phone quickly encrypted? Annoying.

Boxcryptor makes things a little better but in the end is still clunkier than a full solution like Bitcasa or Mega where you can log in from anywhere in the world on any PC and get your data.
 

Dude111

DLeRium said:
Can anyone explain why Dropbox, Google Drive, WhatsApp, etc. all advertise encrypted data, but the encryption keys are still stored by the provider? We all know the benefits of End to End encryption in that the company has zero knowledge and therefore the government can't snoop, but why do companies not use end to end encryption? Is it just because it's difficult to implement? For compliance reasons?

Let's take Dropbox for example.

The feds probably DO NOT WANT IT THAT WAY! (Would be quite hard for them to snoop on ppl then)
 

Anteaus

As a sidebar, what type of encryption available mainstream today is considered robust enough to prevent cracking at all but the highest levels (i.e. brute force by super computer or elite hacker types)? My knowledge of encryption is rather basic. I'm curious about how stout current encryption techniques are.
 

smakme7757

Anteaus said:
As a sidebar, what type of encryption available mainstream today is considered robust enough to prevent cracking at all but the highest levels (i.e. brute force by super computer or elite hacker types)? My knowledge of encryption is rather basic. I'm curious about how stout current encryption techniques are.

Modern and vetted encryption algorithms are considered unbreakable for the foreseeable future; as long as they are implemented correctly.
 

PrincessFrosty

It's not really any kind of technical limitation; encryption overheads are tiny with modern hardware. It's mostly a case that people simply don't understand or care enough to push for it.

Governments are pushing service providers to maintain encryption keys at their end so they can snoop on users' data as they wish. The history of government snooping and the crypto wars is an interesting topic. Search for Christopher Soghoian on YouTube for some of his DEF CON talks on what modern service providers are up to.
 

code65536

I imagine there's a bit of data deduplication that goes on that wouldn't be possible with user-owned encryption.

And by far the biggest reason, as people have already mentioned: There's no way to recover if the user loses their key/password. And it's huge.

Besides, there are different levels of security. There's the stuff-I-want-to-keep-private-from-family-and-friends (e-mails stored in Gmail, for example) and there's stuff-that-will-go-to-the-grave-with-me (my spreadsheet containing every password I've ever used, which is locked away in a TrueCrypt container).
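The deduplication point in the post above, as an added example that is not part of the original post or any provider's code: a content-addressed store keeps one copy of identical uploads, but the same file encrypted under each user's own key arrives as unrelated bytes. `Provider`, `client_encrypt` and `compare` are hypothetical names, the file and users are constructed, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real AEAD cipher.

```python
import hashlib
import hmac
import secrets


def client_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in stream cipher: random nonce + HMAC-SHA256 counter keystream.
    Illustration only; a real client would use an AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


class Provider:
    """Content-addressed store: one blob per distinct SHA-256 of uploaded bytes."""

    def __init__(self):
        self.blobs = {}  # digest -> stored bytes
        self.refs = {}   # (user, filename) -> digest

    def upload(self, user: str, name: str, data: bytes) -> None:
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)  # identical bytes are stored once
        self.refs[(user, name)] = digest

    def stored_bytes(self) -> int:
        return sum(len(blob) for blob in self.blobs.values())


def compare(file_bytes: bytes, users=("alice", "bob", "carol")) -> tuple[int, int]:
    """Return bytes stored when the provider sees plaintext vs. per-user ciphertext."""
    plain, e2e = Provider(), Provider()
    for user in users:
        plain.upload(user, "video.bin", file_bytes)
        user_key = secrets.token_bytes(32)  # never leaves the client
        e2e.upload(user, "video.bin", client_encrypt(user_key, file_bytes))
    return plain.stored_bytes(), e2e.stored_bytes()


if __name__ == "__main__":
    print(compare(b"\x00" * 1_000_000))
```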
 

Mark R

Anteaus said:
As a sidebar, what type of encryption available mainstream today is considered robust enough to prevent cracking at all but the highest levels (i.e. brute force by super computer or elite hacker types)? My knowledge of encryption is rather basic. I'm curious about how stout current encryption techniques are.

There are a number of standard encryption techniques which are widely used and are considered completely unbreakable by any means, and generally considered unbreakable by any plausibly foreseeable type of technology.

This includes things like 128 bit (or 256 bit) AES (for symmetric encryption), 256 bit (or higher) elliptic curve encryption (for digital signatures and asymmetric encryption) and SHA-2 256 bit (or higher) for cryptographic hashing.

The only real potential issue is that of quantum computing - if a real quantum computer could be built, it could potentially work against ECC highly effectively. However, quantum computers are pretty much a total unknown - people have been working on these for decades and have made surprisingly little progress.

There is a little concern that some cryptographic algorithms may have been tampered with - e.g. ECC. To make this work, you first have to agree on a "curve" to be used. The US govt published a list of "preferred" curves, but just appears to have magicked them out of thin air - for all anyone knows, the NSA could have come up with them, because they have some kind of known (to them) unknown (to the general public) defect. Of course, there are plenty of "open source" curves available, but not all software supports them; and if you are a software developer and want to sell your software to businesses and the govt, then you'll want federal certification on it - and that means you have to use the govt's curves.

The big risks with encryption today are people using it incorrectly. That includes user error and programmer error (i.e. subtle bugs in the encryption software or OS).

Examples of bugs that have caused issues are things like the random number generator bugs. When you set up an SSL connection, the first thing that happens is that your computer generates a random symmetric (e.g. AES) key. That key is then transmitted to the server using an asymmetric encryption technique (RSA or ECC). Once the server has received the key over the extremely CPU intensive ECC/RSA channel, that key can be used to run the highly efficient AES encryption. Some OSs (e.g. some versions of Android) have shipped with defective random number generators which tend to repeat the same numbers over and over - this can massively weaken security.

The Heartbleed bug meant that hackers could retrieve a server's private keys, which would permit them to eavesdrop on their SSL connections.

There is also user error - passwords/passphrases are ridiculously weak compared to even 128 bit AES. Most passwords have barely 40 bits of "strength", even passphrases can be misused (e.g. using a passphrase that has ever been published - e.g. a line of poetry, or a verse from the Bible) because these texts are easily available and there are cracking tools that can use that text as a source.
 