Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Security By Buzzword – Why I don’t support Ensafer

Update: I had a call with Ensafer’s CTO, Trygve Hardersen to discuss the issues I brought up, and what they can do about it. First, they updated the site so that downloads are now over HTTPS. He stated that the infrastructure that powers their service is separate from the website, and everything is over HTTPS. They are working on making documentation available, and hope to have the first documents available soon. Once I get a chance to look over their documentation, I’ll post further updates.

Ensafer is an overlay to Dropbox that offers end-to-end encryption, the goal being to address privacy concerns that Dropbox can access user’s files – and thus possibly the US Government (via NSLs, etc.). This sounds like a great idea – end to end encryption is the best way to prevent unjustified surveillance, and I do use a competing product (Boxcryptor), so I support the concept, but what about Ensafer’s implementation – does it provide the level of security desired?

Where are the details? #

If you look at Ensafer’s site, you’ll find precious few details on what they are doing – plenty of security buzzwords, but no specifics. Let’s take a look at the one page with details:

Ensafer believes in standards and we don’t use any custom encryption algorithms. Our encryption platform is built on:

2048-bit RSA keys
256-bit AES encryption
2048-bit SSL
PKCS#12 key containers
X.509 certificates

We see some algorithm names – but what about key derivation, or symmetric encryption modes? How about hashing algorithms? How and where is your password stored? There are so many implementation details that are critical for security, yet aren’t talked about at all.

In December of 2012 I started asking about details, they pointed me back to the web site – when I pushed for more, I was told that they were working on a whitepaper to explain their implementation:

More than a year later, I’m still waiting to see those details.

So have they conducted an audit? #

Since they haven’t released details publicly, if they conducted an external audit, that would bring some trust. So, recently I asked, and this is what they had to say:

After the delay in getting useful details published, I’m not hopeful that we’ll see the results of an audit in the near future.

TLS & Safe Downloads #

I really wish that the lack of details was the only concern – but it’s not. The first thing I noticed is that their web site doesn’t force TLS, so I manually switched to HTTPS, unfortunately the result wasn’t what I was hoping for:

Well, that’s not encouraging. Let’s take a look at the download link:

When you try the same link over HTTPS, it’s even worse:

For a security product, I’d expect the download to be over HTTPS to prevent an attacker from redirecting a victim to a malicious version. This isn’t the kind of mistake I’d expect from people building advanced security tools. When you see issues like this, it’s common to see more problems, so this may just be the tip of the iceberg.

Is it trustworthy? #

I would like to say that it’s safe to use, and that it lives up to the promises made – but they haven’t made enough information available for people to make an informed decision. If you add the lack of information with such basic mistakes as not making the download available over HTTPS, it doesn’t instill much confidence. Companies focused on security should know better.

When you make decisions about what tools you use, you have to look at the full picture – and Ensafer is a great example of that. They’ve focused first on a pretty website, adding features – but not assuring trust. At this point, the only evidence of their security is the use of buzzwords.

Adam Caudill

Related Posts

  • Crypto Front Door: Everyone Welcome!

    For decades, the US Government has fought — sometimes with itself — to prevent the use of secure cryptography. During the first crypto war, they allowed strong cryptography within the US, but other countries were limited to small keys — making brute force attacks practical. But what about those pesky US citizens? They didn’t really want them to have strong crypto either — enter key escrow. What is key escrow? According to Wikipedia:

  • SMIMP at the DEFCON Crypto Village

    Last week I gave a lighting talk at the DEFCON CryptoVillage on SMIMP. The talk went over the basics of why the project is needed, and how the specification works. Here are the slides: Here is a rough transcript of the talk: Slide 1: I’m Adam Caudill, I’m a developer and security researcher; I work on a number of different things, but my recent work has been around privacy and secure messaging.

  • On Apple, Privacy, and Device Control

    If you’ve bothered to look at Twitter or any technology news source, you’ve seen that Apple made a major announcement: Expanded Protections for Children. This has been written about by countless outlets, so I’ll assume you’re familiar with the basics. The announcement covered a few new features being added to the next version of Apple’s operating systems, namely: Scanning of inbound and outbound messages for sexually explicit images. Scanning images being uploaded to iCloud for CSAM.

  • Confide, Screenshots, and Imaginary Threats

    Recently Vice published a story about a lawsuit against the makers of the ‘secure’ messaging application Confide. This isn’t just a lawsuit, it’s a class-action lawsuit and brought by Edelson PC – an amazingly successful (and sometimes hated1) law firm – this isn’t a simple case. The complaint includes a very important point: Specifically, Confide fails to deliver on two of the three requirements that it espouses as necessary for confidential communications: ephemerality and screenshot protection.

  • Crypto Crisis: Fear over Freedom

    Yesterday, President Obama spoke at SXSW on topics including the oft-discussed fight between Apple and the FBI – what he called for, while more thoughtful than some of the other comments that we have been hearing from Washington, was still tragically misinformed. He repeated the call for a compromise, and by compromise, he meant backdoors. Here, I feel I must paraphrase one of my favorite authors to properly express the magnitude of what’s being discussed here: