Is filen.io not secure enough?

Very good. So would you care to tell us in what capacity Filen uses RSA? I cannot help but notice @eudyp omitted to inform this thread.

1 Like

This link is literally in the thread above linking to the source code using RSA for encryption.

So tell us what it means.

2 Likes

What is here to tell other than that it is using RSA for encryption? Not sure what else you need to know.

RSA is not deemed secure enough in the industry. If we need to explain this you should get back to studying cryptography before we can continue this conversation.

RSA is used on this very site… so clearly it isn’t completely obsolete. How does Filen use it?

Uh huh… which is why RSA is post quantum ready, correct? After all, I don’t have to provide a credible source if you don’t.

Did you just tell me to eduskate myself, sh!tlrod! ?

1 Like

You may not see it yourself but by writing this it shows you have no idea what you are talking about.

But for the sake of it:

You could literally just google this shit. Also yet again as @dngray using RSA for a TLS certificate is a completely different application of cryptography. Your replies lack any understanding of this. Applications have different requirements and importance.

Your comment about quantum. No, RSA is probably not quantum safe. This is a big issue in the industry. Yet again not really trivial for a website like Privacy Guides. ECDSA will likely be a better alternative although that remains to be seen. If you want to learn more about actual quantum safe you should read on https://openquantumsafe.org/.

And yet you’ve still omitted to tell us how Filen uses it.

1 Like

Omg dude. You’re going in mute. If you can’t read the source code that’s your problem. I am not going to explain it. The fact that Filen uses it for encryption is the issue. You really do not seem to want to hear it. It isn’t important what even is encrypted using it. Appears to be a lot but it is irrelevant. Using RSA for any encryption in this way is just showing incompetence.

Firstly, what a nice, expansive edit more than three minutes after the fact. Perhaps it’s just me but it really says something. As to what I’ll leave it to this thread’s polite audience’s imagination.

Secondly, you again neglect to respond to the query. Let me refresh your memory: how does Filen use RSA?

Thirdly, if you think curves “will likely be a better alternative” then I can only thank you for spotlighting the threshold for what it takes to be a “PRIVACY WIZARD” in this so-called “community”.
Dilettantes.

(Edit: … and then the PRIVACY WIZARD blocks me. How telling. Maybe he’ll have better luck LARPing on Twitter.)

1 Like

@6c85jz248brg68s51glfwz1447os

RSA is sufficient. While extremely small RSA keys should not be used (anything under 2048-bit), RSA 4096-bit is still secure enough. The main reason for moving away to EC related curves is because of smaller keysize/speed, not because of quantum resistance (which neither are).

1 Like

Exactly. Generally speaking, curves & anything less than RSA-4096 aren’t going to protect against so called ‘harvest now, decrypt later’ … but I presume we’ve all heard of one E. Snowden.

RSA-2048 is still perfectly acceptable if one’s goal is commonplace DPI evasion as a part of a layered strategy. Even the LARPing ‘wizard’ ITT hinted to the metaphorical idiom of ‘the right tool for the job’… in far more crude terms but no matter. That still doesn’t answer the question posed:

In what capacity does Filen use RSA?

1 Like

RSA isn’t used for encryption. They use 256-bit AES for that.

The RSA encryption looks like it’s used for some kind of API request that shows the files the user is downloading. It also looks like it has something to do with shared folders.

I also didn’t see anything about 2048 bit encryption there with it.

2 Likes

Interesting, isn’t it? At no point has @eudyp stuck his head back ITT to defend his position… & I know you’re seeing the notifications, ‘Penguin’. Meanwhile you & I, Gray, had a pleasant little exchange about the various uses of while everyone™ else falls into a tizzy at the mere mention of RSA.

This really is a fun little site; highly entertaining if I may say so.

You have good intuition: it’s related to the public key exchange before pushing the share’s metadata when sharing strictly between Filen users.

#TiawanNumber1

1 Like

ECDSA is arguably better, but I agree that it is likely that neither will prove secure enough against quantum. However, that, for what it is worth, is all theory.

RSA isn’t used for encryption. They use 256-bit AES for that.

There is indeed no file-encryption using RSA here, from what I see. However, there is also no good excuse to encrypt metadata using it. It just isn’t a good idea. It makes no sense to use RSA here while better options are available.

Secure enough? Maybe. Is it a well-architected solution? Probably not.

Keep the thread civil, or I will have to moderate. Thanks.

8 Likes

To keep it simple, RSA is also being used by the government as well as the bigwig companies. When you store data into something with RSA implemented, you run a risk (a very small risk considering their security) of having the government and these bigwig companies looking at your data if RSA complies. While the chances are next to zero considering privacy law, the fact that the chance could be there is considerable enough for most people that store data for privacy