Sunday, November 2, 2014

Onedrive lulz

So everyone is now freaking out over this one drive article on the cryptome website.

So does onedrive really get your encryption keys when you do full disk encryption using bitlocker? Yes and No...

I do have a Windows 8.1 box... It's a box I do absolutely nothing on minus checking email on my account and I have it converted over to conform with what Microsoft really wants you to do with that OS. (Hooked in with a Microsoft account)

It's encrypted with Bitlocker but with a small difference. I confirmed my bitlocker keys are not stored on my onedrive account. Originally when I created the box it had a local account when I encrypted it with Bitlocker. << This is key.... If you do it this way everything is forced locally somewhere. Such as a usb stick.

I do have a backup of my keys.. but they are in encrypted form on skydrive.

When using any cloud provider I suggest to never trust it. Layer your security with encryption that is done locally before you upload it to skydrive. I suggest using something like PGP.

Interested in testing this out... try it yourself.. remember create a local account and use that local account to encrypt your computer with bitlocker.

No comments:

Post a Comment