Migration of files / security question

div

Hi,

I got an encryption related question. There were a few files stored unencrypted on my Dropbox account. I've moved them together with a couple of other, more sensitive files, to a Boxcryptor encrypted subdirectory (with encrypted filenames enabled).
The file sizes of encrypted files are the same as of the unencrypted files. So the people at Dropbox (or at any other storage provider) could quite easily match encrypted and unencrypted files by their file size regardless of the encrypted filename.

Now to my question:
Can the encryption key be broken if someone possesses an encrypted and an unencrypted version of the same file (or of a couple of files) and render the whole encryption useless?

Robert

Hi div,

you're describing a so-called "Known Plaintext Attack" and of today AES (which is used by BoxCryptor) is not vulnerable to this kind of attack. AES is one of the strongest ciphers and is approved by the NSA for top secret information.

You can find further reading on this topic e.g. here:
http://security.stackexchange.com/questions/5355/compute-the-aes-encryption-key-given-the-plaintext-and-its-ciphertext

--Robert

div

Hi Robert,

thanks for the quick answer. Good to know the files are still secure.
In the FAQ you describe some features of EncFS which are currently not supported in BoxCryptor (e.g. file name and per file IV's). Are those a priority in the future development of BoxCryptor? Those would make BoxCryptor even more secure.

Robert

Indeed, these features (especially per-file IV's) can further improve the encryption strength. Our main priority right now is to bring the current BoxCryptor encryption to mobile platforms (Android, iOS), but those features are definitely also on our todo-list!