• General

  • If my host compromised can someone directly read files in blob directory?

If my server that I deployed Cryptpad get breached, and the malicious actor is able to retrieve all the files in blob directory. Can they somehow read the data from the blob files?

For example, I have a jpeg (10mb) and the actor able to copy the same 10mb blob data file from blob/29/239283902891038902939, can they add a .jpeg extension and able to read it?

I assume you cannot as using file command result in a data type for the blob file, not images. Just want to confirm if this is the case? Thanks!

Hello,

Every blob is fully end-to-end encrypted, with the key from the person uploading the document. The server doesn't hold the key (end-to-end encryption principle). If someone breach your server they wouldn't be able to access any data from CryptPad.

You can read more about our thread modeling and cryptographic implementation in the whitepaper we published last year.

Hi @Mathilde,

That is a very good read.

Tho the white paper suggest something slightly different. Seems like my login credentials generate a login key and submit to server, the server use this login key to decrypt the blob that contains the long term key, then long term key is used to decrypt the actual file blob so I have access to the files.

If I change password it basically uses the old login key to decrypt the long term key blob and encrypt again with the new login key.

So technically the long term key to access files is still on the server, as long as no one can brute force it, or my login credential somehow get breached / no ssl sniffing , I am safe.

Hopefully my understanding of section 6.1 is correct.

Thanks!

I'm not a security expert, so please take my explanation with some caution. However, I've done some research on the topic. I'll present the protection of Cryptpad compared to a cloud solution without end-to-end encryption (Nextcloud):

Protection against...

  • Mass surveillance?
    • Nextcloud: yes
    • Cryptpad: yes
  • Passive attacks
    • Nextcloud: no
    • Cryptpad: yes
  • Active attacks
    • Nextcloud: no
    • Cryptpad: no

Active Attack

An active attack could involve someone breaking into your server and modifying the Cryptpad JavaScript code to obtain your private key. While the Cryptpad client is transmitted to your browser as source code (JavaScript), making it theoretically verifiable, practical verification of your client's integrity with each page request is not feasible in Cryptpad. You may not detect an active attack in time if someone compromises your server. Ensuring the integrity of your client ultimately requires trusting another entity. It is safer if the client is not delivered by the server where your data resides. For example, if the client is installed via your laptop's package manager, the attacker would need to breach your laptop or the package manager administrator, which is less likely.

Passive Attack

However, you are protected against a passive attack. If someone merely copies your data from the server, it remains encrypted.

Therefore, Cryptpad has an advantage over Nextcloud in terms of passive attacks. Regarding active attacks, the project is indeed transparent in its repository README.

Terminology clarification (https://en.wikipedia.org/wiki/Cyberattack#Types_of_attack):

  • An "active attack" attempts to alter system resources or affect their operation.
  • A "passive attack" attempts to learn or make use of information from the system but does not affect system resources (e.g., wiretapping).

Very useful explanation @hilaru that is a good read and help me understand more. I was using crypt pad to start with specifically because of its more secure nature.

Thanks.