4

In 2013 Lavabit shut down because a US agency was demanding access to its private SSL keys and basically the deets on whatever users the US was interested in. Lavabit shut down rather than give the US that access.

Yet, this means that Lavabit had the ability to give the government access to the data it stored for its users.

In light of this, a service called SpiderOak claims to have a Zero-Knowledge encryption mechanism that means it is unable to access user data even if it wants to. While some companies say they won't access your data, SpiderOak claims that it can't.

My question essentially boils down to the truth of this claim. What evidence is there that SpiderOak, even when pressured by a random agency or otherwise compromised, actually can't divulge the data it stores?

Also, I understand that zero-knowledge is a mathematical possibility (although I don't claim to understand exactly how that works). I am more interested in how an outside user can trust the company. Who has audited it? What credibility do they have? The software appears proprietary, so how do I know they didn't make some major mistakes?

StackzOfZtuff
Fernando
  • Not the answer, but I *think* that possession of the TLS keys would have allowed the U.S. government to snoop only on current traffic. That is why shutting down was an effective thing for Lavabit to do. No Lavabit == no current traffic. – Bob Brown Dec 22 '14 at 19:16
  • I've now read a bit about SpiderOak. Lavabit was an email service, which means the recipient(s) of a message needed to be able to decrypt it. SpiderOak is a "cloud storage" service which, in its simplest form, makes stored data available only to whoever did the storing. You can share data using SpiderOak, but you have to provide a password (key) to the other readers. That seems to be their primary selling point. If all I want is encrypted backup, I can use Google Drive and any recent encryption program. – Bob Brown Dec 22 '14 at 19:28
  • Finally, here is an analysis of how Lavabit worked, written by cryptographer Moxie Marlinspike: http://www.thoughtcrime.org/blog/lavabit-critique/ What I get from the critique is that an attacker (like the NSA) who had the TLS key would have been able to decrypt the password (key) a user used for storage when a user logged on, and so would have had access to the contents of stored email as well as new mail in transit. *No wonder* Ladar Levison felt he had to shut Lavabit down. – Bob Brown Dec 22 '14 at 19:35

1 Answer

5

You can prove this to yourself by watching the traffic that leaves your computer to go to SpiderOak. That data should be encrypted by a key that only you control. Even if they made a mistake, your data is encrypted before it leaves with a widely tested algorithm. You can verify that your data is encrypted by that algorithm.

In addition, SpiderOak hired an outside firm to audit their recent release: crypton.io https://blog.spideroak.com/tag/audit

Finally, the EFF seems to agree with the ZeroKnowledge claim: https://blog.spideroak.com/20131122173304-spideroak-encrypts-best-as-per-effs-crypto-survey-report

Zero Knowledge in this usage isn't really a mathematical anything. It just means that they only store an encrypted mass of data and don't know your key.

mcgyver5
  • There _is_ a mathematical notion of zero knowledge proofs, but this is not related to that. – cpast Dec 22 '14 at 23:30
  • Question: if the client is closed-source, how can you be 100% they don't send a copy of your keys to their servers? Once your key has been transferred once, you can even change your password (password used to encrypt the key), but they may already have a copy. Note: I'm not saying they are doing this, I'm just asking "How can we be 100% they don't do it"? Has anyone reverse engineered the client? – Andrea Grandi Nov 11 '15 at 17:57
  • @AndreaGrandi Depending on the capabilities of the adversary, reverse engineering the client may not be enough. If SpiderOak and Intel (or any other widely used chip manufacturer) forged a nefarious deal, then you would have to reverse engineer both the client _and_ the CPU. (This idea comes from Ken Thompson's Reflections on Trusting Trust, https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf) – user7610 Dec 14 '16 at 14:28
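
One way to run the traffic check the answer above describes, as an added example that is not part of the original posts or SpiderOak's code: plant a canary string in a test file, capture the upload body before the TLS layer (for instance from a local intercepting proxy), and test whether the canary is recoverable without any key. The `CANARY` value and the sample bodies are constructed; a missing canary with entropy near 8 bits per byte is consistent with client-side encryption but does not show that the key stays on your machine.

```python
import base64, binascii, gzip, hashlib, math, zlib
from collections import Counter

CANARY = b"CANARY-7f3a-constructed-marker"  # constructed marker placed in a test file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0); encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def decoded_views(payload: bytes) -> dict:
    """The payload as sent, plus every reversible decoding that succeeds."""
    decoders = {
        "gzip": gzip.decompress,
        "zlib": zlib.decompress,
        "base64": lambda b: base64.b64decode(b, validate=True),
        "hex": binascii.unhexlify,
    }
    views = {"raw": payload}
    for name, decode in decoders.items():
        try:
            views[name] = decode(payload)
        except (OSError, EOFError, ValueError, zlib.error):
            pass  # payload is not in this encoding
    return views

def inspect_upload(payload: bytes, canary: bytes = CANARY) -> dict:
    """Report where the plaintext canary is recoverable without any key."""
    hits = [n for n, v in decoded_views(payload).items() if canary in v]
    return {"canary_found_in": hits, "entropy": round(shannon_entropy(payload), 2)}

# Constructed sample bodies (not real SpiderOak traffic).
PLAIN = b"quarterly report " * 50 + CANARY
SAMPLES = {
    "plaintext": PLAIN,
    "gzip only": gzip.compress(PLAIN),
    "base64 only": base64.b64encode(PLAIN),
    # Stand-in for ciphertext: a deterministic pseudorandom stream.
    "opaque": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:12} {inspect_upload(body)}")
```

The "gzip only" body also scores high on entropy yet gives up the canary after decompression, which is why the decoding pass matters more than the entropy figure alone.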