Key File on Cloud Drive

ricerc1

Hello,

I'm new to cryptography and have been using this service for a couple weeks now.

I'm using an online account and have downloaded my key file just "in case".

The Technical Overview article (https://www.boxcryptor.com/en/technical-overview/) explains "As the sensitive information in the key file (e.g. private keys) is encrypted, users can store the key file in their cloud storage."

I understand the private-key is encrypted in this file, but if my cloud storage did have a breach. Would this key not be a great starting point to hack the encryption?

In other words, the hacker now has my Boxcryptor username and encrypted private-key (both are stored on the key server?). Would this information not be valuable to brute-force their way into cracking the password/passphrase?

I hope that is clear. I may just not completely understand the process.

Would anyone mind shedding some light on this?
John

Christian

Hello John,

of course owning the encrypted keys makes it easier to test passphrases. But as in every password based security system, the degree of security boils down to how secure your passphrase is. If you've got a secure passphrase, then it really doesn't matter much. It will not be breakable no matter how efficiently the attacker can try out combinations. Have a look over at http://www.lockdown.co.uk/?pg=combi for a feeling how long it takes to guess them.

Best regards,
Christian