If I store a program on Dropbox, I might run it many times. Thousands? Millions to be generous? But if the attacker has to do a brute force search which relies on me executing each different tampered version of the program, that's probably too small of a number.
The reason to accept sub-optimal properties in this case is convenience. TrueCrypt is popular and has a nice interface. Using it with Dropbox gives much better security than not using it with Dropbox. It's not perfect, but I still don't think we have any practical attacks against such a scenario.
I agree that having stronger crypto there is, however, possible and desirable.