    mostolog
    @mostolog
    Hi. For cryptomator/cryptomator#367 I would bet FIDO as the best alternative, but IMHO there seems to be a lot of work to do before facing that. What do you think?
    mostolog
    @mostolog
    For cryptomator/cryptomator#363 these are my 2 cents: logs are always welcome, because it sucks when you have a crash without logging enabled or when you need to figure out why something happened. For this issue, encrypted filenames must be used instead of real ones, but even action or time of events could be considered sensitive. I suggest considering 2 log files: a public/readable/unencrypted log for application start, GUI and so, rotated on each app launch up to 3 files, and perhaps with encoded timestamp+operation+encrypted_filename which can be unwrapped with user password+utility, while the other is encrypted and stored within the vault, using real paths and so. What do you think?
    Sebastian Stenzel
    @overheadhunter
    The problem with FIDO is that one time passwords can not be used to cryptographically bind them into a key derivation function. Thus this only works for authentication against servers, that “want” to authenticate the user.
    But an attacker would just write a bruteforce software that skips this authentication, as it is not cryptographically linked to the masterkey. Therefore any 2FA mechanism that is based on one-time tokens (or basically anything that is not constant over time) will create a false sense of security.
    What would however work is an additional file that needs to be provided together with the password.
    encrypting logs is rather complicated, but anonymizing cleartext names should work. other information like timing and order of requests is nothing I would hide. After all the log file is created on the same device that the user enters his/her passphrase on. If an attacker has access to that machine, he might also have installed keyloggers or other malware.
    mostolog
    @mostolog
    I agree with you about the linking between keys and 2FA being a problem. Storing keys on a Crypto Token could work, but based on my experience it's a real pain...even with OpenSC. I don't remember if FIDO allows to invoke signing a challenge (decrypt key_used_for_encryption with a previously provisioned key), that could help "linking" them. Anyway, as I said before, I think it's a distant-future feature :P
    mostolog
    @mostolog
    Moving away from "traditional passwords" could be an improvement to have in mind, in order to avoid keyloggers, but as they are (isn't it?) stored in memory it won't help much. IMHO it is important to think "why are users using cryptomator?". Probably because they want their files being stored encrypted on the cloud and nothing more (at least that's my case). Hence, encryption of log files could be a privacy improvement, but not even a low priority task now. Anonymizing filenames in logs, on the other hand, is quite easy to do, but a way to "decrypt" paths for reporting is -IMHO- required. Is there any tool/script to generate an unencrypted/cleartext version of log file?
    BTW: Wouldn't it make more sense to discuss this on a github issue, rather than gitter?
    Sebastian Stenzel
    @overheadhunter
    ack! this kind of discussion should be publicly visible on github. I thought we’d discuss further possibilities of how to start developing etc privately
    mostolog
    @mostolog
    About development, I'm much concerned about Dokany, or using something to mount on DRIVELETTER. What's the current status? I'm not familiar with it, but I could have a look on project, documentation and your "demo" and try to integrate it. We could start creating an epic issue, and splitting different tasks needed to achieve this.
    Sebastian Stenzel
    @overheadhunter
    regarding dokany: we’re currently building a filesystem “mirror” against the java NIO api. there is a small test program, that lets you specify an existing directory and a mountpoint and then you can work on the mountpoint normally but are actually modifying the files inside the directory
    mostolog
    @mostolog
    Checking if I understood properly: there's a test (please, give me a link) which handles a VFS with unencrypted files & operations, which underlying are really encrypted within the vault.
    Herbi Maur
    @HerbiMaur_twitter
    hi, is there a documentation which functionality is already implemented? I have installed the alpha as tester on android. Am I right that only dropbox is included in the current version? I am using google drive only but only dropbox is shown as cloud service.
    Sebastian Stenzel
    @overheadhunter
    yes we started with dropbox only for the moment
    will add further providers over time
    ihsanhaikalz
    @ihsanhaikalz
    Hello guys. I came across to this library after trying to find some Java library to mount a filesystem in Windows without too many hustling with JNA and stuff and I want to implement this library into my project. Basically my project is a secure cloud storage and it will store user's file in the computer but currently it is stored in normal directory. I was thinking to implement this library into my project, do you think it is possible using cryptomator library? If so, where should I start to implement the library? Thanks
    ihsanhaikalz
    @ihsanhaikalz
    And also I checked the library there is missing DaggerCryptoFileSystemTestComponent class, is it a bug or something else?
    Markus Kreusch
    @markuskreusch
    regarding DaggerCryptoFileSystemTestComponent I replied to the github issue you created
    Regarding the library: there are several available, e.g. CryptoFS, CryptoLib, webdav-nio-adapter. You should be able to use those libraries as long as you follow the license terms - so publish your project under AGPL itself.
    ihsanhaikalz
    @ihsanhaikalz
    But can I use the cryptomator library directly to my project if it is possible or should I use different libraries that you mentioned and implement it to my project?
    Markus Kreusch
    @markuskreusch
    Well that depends... I do not know your project and your exact requirements. I guess you will have to check our libraries and decide by yourself if they fit your needs.
    Tobias Hagemann
    @tobihagemann
    In simple terms: You can't use Cryptomator's libraries in a closed source project. The project itself has to be open source and licensed under AGPL as @markuskreusch mentioned. If your project is open source and licensed under AGPL, then you're welcome to use the libraries. :)
    Tobias Hagemann
    @tobihagemann
    If you're interested in using the libraries in a closed source project, you can purchase a commercial license. You can contact us via email for more information.
    ihsanhaikalz
    @ihsanhaikalz
    I see, thank you very much for the explanation. Currently I am trying your library CryptoFS by following the example in the front page. but I don't know how to decrypt the filesystem or the file itself. Do you know where should I start?
    Mahdi Fooladgar
    @professormahi
    anybody know what is the problem with my cryptomator?
    2016-12-21 13:24:57,181 INFO [Cryptomator:39] Starting Cryptomator 1.2.3 on Linux 4.8.0-30-generic (amd64)
    2016-12-21 13:24:57,201 INFO [SingleInstanceManager:300] no running instance found
    X Error of failed request: BadValue (integer parameter out of range for operation)
    Major opcode of failed request: 154 (GLX)
    Minor opcode of failed request: 24 (X_GLXCreateNewContext)
    Value in failed request: 0x0
    Serial number of failed request: 26
    Current serial number in output stream: 27
    atek3
    @atek3
    Anyone here at the moment?
    Strubbl
    @Strubbl
    Hello, how can I exit the program? I am using i3wm on linux and none of the usual key combos (ctrl+q, ctrl+w, alt+f4) works to exit the program. Is there a button anywhere?
    Strubbl
    @Strubbl
    i added issue #479 for that
    Gernot Pokorny
    @gernotpokorny
    hello
    Is there a guide somewhere how to build from source on windows? I'm familiar with c++ and c# but not so much with java...
    Gernot Pokorny
    @gernotpokorny
    I've installed maven 3 and java but what do I do with the JCE and windowsstuff linked in github
    王可森
    @wangkesen
    Hey, where does one contribute to localizations? I can contribute to ZH (TW)/ JP if those are still needing work.
    Tobias Hagemann
    @tobihagemann

    Hey everyone, sorry we're not that active on Gitter. It's quite overwhelming to have too many channels for communication. :)

    @gernotpokorny You can find a more elaborate guide on how to build Cryptomator completely yourself here: http://stackoverflow.com/a/43683058/1759462 At some point we're going to post this information somewhere more accessible on our website. ;)

    @wangkesen That would be awesome! Localizations for Cryptomator are managed at POEditor: https://poeditor.com/join/project/bHwbvJmx0E

    王可森
    @wangkesen
    @tobihagemann what messaging system do you guys use the most or just usually github?
    Tobias Hagemann
    @tobihagemann
    @wangkesen For public communication we currently use GitHub, Twitter, Facebook, and email
    王可森
    @wangkesen
    Got it! Hey just one more general question, there should be no problems with like larger cloud storages right? Or would you recommend creating multiple vaults? I'm using a webdav with Teracloud.jp now and one vault right now exceeds 1TB, there haven't been any problems yet, although if there is a lot of images, say in one folder, it will take a long time to list when mounting initially in cryptomator
    Tobias Hagemann
    @tobihagemann

    In general, there is no practical upper limit when looking at it from the encryption scheme's perspective. There is a theoretical limit... you can create at most 32^2*32^30 folders (base32-encoded 2-char and 3-char folders inside "d") and a single file can be at most (2^63-1)*32*1024 bytes (~300 YB, yes yottabyte) large if I'm not mistaken (chunk number is a signed 64-bit integer and a chunk is 32 KiB in size, the chunk number must not overflow, that's why the limit).

    If you have too many files inside a folder, there might be a practical limit usability-wise. Cryptomator's virtual drive has to decrypt all filenames when doing a directory listing, which could get slow with a higher number of files. In that case, I'd suggest creating more folders in a vault and don't have too many files inside a single folder. Of course, you could also create more vaults but it's essentially the same as if you'd create folders inside a vault.

    王可森
    @wangkesen
    Oh okay so basically like it's a better idea to use more folders than having a long ass list haha. I thought so because the ones that have more sub directory folders load much faster. Also, like thanks so much for Cryptomator man it actually has so many uses. And once you've got more people using it it becomes much less of a risk when sharing files etc as well. I live overseas, but also would like to keep information available to the fam but at the same time sending it by email is a liability, and trusting that everyone has their accounts and stuff secure is also another liability, but being able to just "share" a vault or rather give fam access to that vault without giving access to the rest of the files cause they are in separate files is an awesome setup. I keep gifting the iOS version to friends and family and then they get super hooked on it and they all love it haha.
    Tobias Hagemann
    @tobihagemann
    Awesome! :raised_hands: Thank you for your amazing support! :+1:
    Pete
    @PMaynard
    do you recommend official java on Linux, or do you not care too much?
    Pete
    @PMaynard
    answered that myself
    seems to need the Oracle Version
    Constantin Guay
    @const-g
    Hi there, I've just upgraded Cryptomator to 1.3.0, but now, I can't open my vault anymore, I've problem "Connecting drive failed"

    log shows: 12:00:33.304 [JavaFX Application Thread] ERROR o.c.u.controllers.UnlockedController - Mount failed.
    org.cryptomator.frontend.webdav.mount.Mounter$CommandFailedException: Command failed with exit code 2. Expected 0. Stderr: System error 53 has occurred.

    The network path was not found.

    Constantin Guay
    @const-g
    hum, I've tried to install the 1.2.3 and I have the same problem
    So it seems it comes from latest Windows Update
    Tobias Hagemann
    @tobihagemann
    Hi @const-g. I must admit that I don't know why you'd get system error 53 even though the registry key has the webclient value. Could you open a new issue on GitHub with your observations and findings? We're not that active on Gitter anymore. :sweat_smile:
    dnlmlr
    @dnlmlr
    Hey! Does anyone mind giving out a little detail on how the fingerprint unlock works on Android? I assume activating it unencrypts the master key and stores it somehow in the TEE. So what I wonder is can the key be extracted from the TEE if a modified and rooted system image would be placed on my device? Just extracting unencrypted keys from the TEE should be possible when rooted. So is this the case or is there some kind of binding the key to the fingerprints so that it can only be given out by the TEE after a successful fingerprint Auth?