Sunday, November 2, 2014

Onedrive lulz

So everyone is now freaking out over this one drive article on the cryptome website.

http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm

So does onedrive really get your encryption keys when you do full disk encryption using bitlocker? Yes and No...

I do have a Windows 8.1 box... It's a box I do absolutely nothing on minus checking email on my outlook.com account and I have it converted over to conform with what Microsoft really wants you to do with that OS. (Hooked in with a Microsoft account)

It's encrypted with Bitlocker but with a small difference. I confirmed my bitlocker keys are not stored on my onedrive account. Originally when I created the box it had a local account when I encrypted it with Bitlocker. << This is key.... If you do it this way everything is forced locally somewhere. Such as a usb stick.

I do have a backup of my keys.. but they are in encrypted form on skydrive.

When using any cloud provider I suggest to never trust it. Layer your security with encryption that is done locally before you upload it to skydrive. I suggest using something like PGP.

Interested in testing this out... try it yourself.. remember create a local account and use that local account to encrypt your computer with bitlocker.

No comments:

Post a Comment