this post was submitted on 07 Jun 2024
3 points (100.0% liked)

Cryptography

402 readers
1 users here now

cryptography (noun). The discipline concerned with communication security (eg, confidentiality of messages, integrity of messages, sender authentication, non-repudiation of messages, and many other related issues), regardless of the used medium such as pencil and paper or computers.

This community is for links about and discussion of cryptography specifically. For privacy technology more generally, use !privacy.

This community is explicitly not about cryptocurrency; see !crypto for that.

founded 3 years ago
MODERATORS
[email protected]
[email protected]
3
How to implement a secure Microsoft Recall alternative? (lemmy.one)
submitted 3 weeks ago by [email protected] to c/[email protected]
12 comments fedilink hide all child comments
 

So, I've had a bit of a stupid idea for my next programming project, which would be implementing a Microsoft Recall alternative for Linux where the data is encrypted. I've now written a bit of code and have come to the point where I'd need to encrypt the files. My plan was to use asymmetric encryption where the secret key is again encrypted using something like AES and the user needs to decrypt the private key to view the screenshots taken / data extracted from the screenshots.

I have now learned that asymmetric encryption is very slow and it's generally not designed to encrypt large chunks of data, so I'm not sure how to continue. Do you think asymmetric encryption is feasible for this? Any idea how else to do the encryption? Ideally I would like for the server that takes the screenshots to not have a key that can decrypt the files since that wouldn't be as secure.

you are viewing a single comment's thread
view the rest of the comments
[–] grue 6 points 3 weeks ago (8 children)

I'm not sure encryption is the issue here. Why do you think this data needs to be more encrypted than the rest of the user's home directory, which should hopefully already be protected by full-disk encryption if the user cares about that sort of thing?

[–] [email protected] 1 points 3 weeks ago (7 children)

Because it would be really easy to extract a lot of data out of that database, which is what Microsoft Recall is being criticized for

[–] grue 1 points 3 weeks ago (6 children)

But if an attacker has decrypted access to a user's home directory, aren't they screwed anyway?

[–] [email protected] 1 points 3 weeks ago

I guess that's right

load more comments (5 replies)
load more comments (5 replies)
load more comments (5 replies)