This page is automatically translated.
Is there a way to store data more securely than with just an ID and password?
The connection to TeraCLOUD is encrypted with Secure Sockets Layer (SSL). IDs and passwords are sent to the server over this encrypted channel.
Since the password database on the server is protected by a one-way function (hashed) provided by the OS, it has a certain degree of strength.
However, there are many cases where user IDs are exchanged between individuals through the public functions, or are set to the same ID used on a social networking service (SNS) such as Twitter.
Therefore, in some cases this may be considered insufficient to protect saved data, because protection depends solely on the strength of the password that was set.
Generally speaking, there are three possible ways to encrypt data.
*However, for various reasons, (3) is the only method that can be used with TeraCLOUD.
(1) Passing the password entered by the customer to the server and using it to encrypt a key stored on the server
In this method, the key for data encryption/decryption is stored on the server.
Passwords are changed periodically at the convenience and timing of the user, and their strength might be considered low. For these reasons, instead of encrypting the data with the password itself, the data is encrypted and decrypted with a randomly generated key, and that key is stored on the server encrypted with the password. With this method, the key stored on the server side is decrypted with the password sent from the client, and the data is decrypted using that key. Additionally, when the user changes their password, re-encrypting the data stored on the server is not necessary. However, this method has the following problems.
- It cannot be said to have sufficient strength, because the key itself can be decrypted with a password composed of several alphanumeric characters and symbols entered by the user.
- Although it is encrypted with the user's password, the decryption key is stored on the server.
- If the user's password is leaked, nothing can be done about it. Password leakage is the most likely of these events.
With this method, protection still relies only on the strength of the password set by the customer. If the encrypted key and data leak due to some accident, the data will be decrypted. Users should also be aware of the following: this method is incompatible with the "shared function" in certain respects, and much of the data that users share on TeraCLOUD is decrypted when a shared folder without a password is created.
*TeraCLOUD processes operations one at a time to prevent any data corruption. Because encryption/decryption is heavy processing, the user might be unable to operate the service.
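The key-wrapping arrangement of method (1), as an added sketch that is not TeraCLOUD's code: a random data key is wrapped under a password-derived key, and a password change re-wraps the key without touching the data. The function names and PBKDF2 parameters are assumptions, and the XOR-mask-plus-HMAC wrap is a standard-library stand-in for a real key-wrap cipher such as AES, which Python's standard library does not include.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def _derive(password, salt):
    """Stretch the password into a 32-byte mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return okm[:32], okm[32:]


def wrap_key(data_key, password):
    """Return salt || masked key || tag: the blob the server would store."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the mask is never reused
    mask, mac_key = _derive(password, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap_key(blob, password):
    """Recover the data key, or raise if the password does not match."""
    salt, masked, tag = blob[:16], blob[16:48], blob[48:]
    mask, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    # The tag lets anyone holding the blob check a password guess offline,
    # so the blob is only as strong as the password: the weakness listed above.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted blob")
    return bytes(a ^ b for a, b in zip(masked, mask))


def change_password(blob, old, new):
    """Re-wrap the same data key; data encrypted under it stays as it is."""
    return wrap_key(unwrap_key(blob, old), new)


if __name__ == "__main__":
    data_key = os.urandom(32)               # random key that encrypts the data
    blob = wrap_key(data_key, "old-pass")   # constructed sample passwords
    blob = change_password(blob, "old-pass", "new-pass")
    print(unwrap_key(blob, "new-pass") == data_key)
```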
(2) Sending a key file every time
In contrast to Method 1, Method 2 sends a key generated by the client to the server. As mentioned above, the route is encrypted with SSL, so the key transmission is robust. However, because the server would use a proprietary protocol, standard client software cannot be used. Only access from a web browser would be allowed.
TeraCLOUD emphasizes that it can be used with standard client software. However, due to the size, this method would be incompatible with TeraCLOUD's service.
(3) Having an encryption engine and sending encrypted data as is
In this method, going a step beyond method 2, customers run their own encryption engine and only encrypted data is stored on the server.
The merit of this method is that if data is accidentally leaked, even if it is found to be encrypted data, decrypting it is nearly impossible.
Encrypting data volume by volume instead of file by file makes it difficult to know what kinds of files are contained within the data. In addition, files that the user wishes to share can be uploaded separately, which makes the process more convenient and safe.
As of January 2014, TeraCLOUD can only perform method 3. There are many ways to encrypt data on the customer's computer. Software such as "TrueCrypt" and the encrypted "Sparse Bundle/Disk Image" of Mac OS X are commonly used. If the customer chooses TrueCrypt, TeraCLOUD recommends creating volumes of around 1GB. This is because large amounts of data communication occur.
TrueCrypt's homepage is here
Updated on January 28, 2016