Dropbox password breach shows why end-to-end encryption matters
1) End-to-end encryption protects users’ files in cases when login details of admins are leaked
When a system admin at a company using server-side encryption (like Dropbox) gets hacked, hackers may be able to access, decrypt and read users’ files, regardless of the strength of users’ passwords. Because server-side encryption means files are encrypted and decrypted on the provider’s servers, the provider’s system admins might have access to the encryption keys and the files – and so can hackers.
On the other hand, if a system admin at a company using end-to-end encryption (like Tresorit or SpiderOak) gets hacked, hackers will only find the files stored in the cloud in encrypted form and will not be able to read them. This is why end-to-end encryption matters: files are encrypted on the user’s side before being uploaded to the cloud, so the service provider does not have access to the encryption keys. For this protection to hold, users need strong passwords as well: a data breach may expose users’ hashed login credentials, and weak passwords could be reversed.
2) Having strong passwords is vital in all cases
Strong passwords are essential when users’ login data (email addresses and salted password hashes) is leaked. If users have strong passwords and admin login details are not leaked, user files are safe in both server-side and end-to-end encrypted models, because properly hashed and salted strong passwords are practically impossible to reverse. Conversely, weak passwords could be reversed, and the files could then be accessed. The lesson: always use strong passwords and never re-use passwords across different services.
– – –
Today, the news broke that, beyond user emails, the salted and hashed password data of more than 60M Dropbox users was also leaked in the 2012 incident. This means that user files might be accessed: the at-rest encryption used by Dropbox and most other big services cannot protect them in cases like this. By contrast, end-to-end encryption would protect user data even in such situations, and should therefore be a new standard in cloud storage and file sharing.
Even though the leaked passwords are hashed and not the actual Dropbox passwords, they might be used to access files that are stored on the server. Why? At-rest encryption that stores encrypted files together with the encryption keys doesn’t help: those holding the hashed passwords may access the files in already decrypted form.
Why is end-to-end encryption the safe alternative?
End-to-end encryption is a secure solution especially for situations like this: if a data breach happened at a cloud provider using end-to-end encryption, files would remain protected because they are encrypted on the user’s device before being uploaded to the cloud.
Imagine if something similar to the Dropbox password breach happened to an end-to-end encrypted service. Leaked hashed passwords could theoretically still be used to access data stored on servers. However, the stored files would be impossible to decrypt, because the decryption keys themselves are stored on the user’s device and not on the servers.
How is this possible? How are passwords managed to provide safe end-to-end encryption?
With end-to-end encrypted services like Tresorit, two keys are generated from passwords using industry-standard algorithms and hashing: a server-side authentication fingerprint that is needed to access personal data on servers, and another key that encrypts user profiles and file encryption keys on the user’s device. The provider’s system admins never gain access to the second key on the user’s device. Thus, even if the first hashed key is leaked, the second key stays secure on the user’s device, and so do the user’s encrypted files in the cloud. Only users and those they share their files with can decrypt and access the content.
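A sketch of the two-key derivation described above, added here as an example; it is not Tresorit’s code or algorithm. The KDF (PBKDF2-HMAC-SHA256), the iteration count, the labels, all function names and the HMAC-based wrap (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor, not taken from the page


def derive_keys(password: str, salt: bytes) -> tuple:
    """Stretch the password once, then split it into two separate keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Different labels: neither key can be computed from the other.
    auth_key = hmac.new(master, b"server-authentication", hashlib.sha256).digest()
    wrap_key = hmac.new(master, b"local-key-wrapping", hashlib.sha256).digest()
    return auth_key, wrap_key


def server_record(auth_key: bytes) -> bytes:
    """All the server stores: a hash of the authentication key."""
    return hashlib.sha256(auth_key).digest()


def wrap(wrap_key: bytes, file_key: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte file key (stdlib stand-in for an AEAD)."""
    if len(file_key) != 32:
        raise ValueError("file key must be 32 bytes")
    nonce = os.urandom(16)
    pad = hmac.new(wrap_key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(file_key, pad))
    tag = hmac.new(wrap_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(wrap_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the file key, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(wrap_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(wrap_key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


if __name__ == "__main__":
    salt = os.urandom(16)
    auth_key, wrap_key = derive_keys("constructed example passphrase", salt)
    blob = wrap(wrap_key, os.urandom(32))  # wrapped file key, safe to upload
    leaked = server_record(auth_key)       # what a server breach exposes
    print("unwrap with leaked record:", unwrap(leaked, blob))
    print("unwrap with device key ok:", unwrap(wrap_key, blob) is not None)
```

A leaked server record still allows offline guessing of the password, and a correctly guessed password yields both keys, which is why strong passwords matter in this model too.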