Some very basic mistakes here: https://eprint.iacr.org/2024/546.pdf
Iâm not actually surprised
2 Likes
Abstract?
AbstractâNextcloud is a leading cloud storage platform with
more than 20 million users. Nextcloud offers an end-to-end
encryption (E2EE) feature that is claimed to be able âto keep
extremely sensitive data fully secure even in case of a full
server breachâ. They also claim that the Nextcloud server
âhas Zero Knowledge, that is, never has access to any of
the data or keys in unencrypted formâ. This is achieved by
having encryption and decryption operations that are done
using file keys that are only available to Nextcloud clients,
with those file keys being protected by a key hierarchy that
ultimately relies on long passphrases known exclusively to
the users.
We provide the first detailed documentation and security
analysis of Nextcloudâs E2EE feature. Nextcloudâs strong
security claims motivate conducting the analysis in the setting
where the server itself is considered malicious. We present
three distinct attacks against the E2EE security guarantees in
this setting. Each one enables the confidentiality and integrity
of all user files to be compromised. All three attacks are fully
practical and we have built proof-of-concept implementations
for each. The vulnerabilities make it trivial for a malicious
Nextcloud server to access and manipulate usersâ data.
We have responsibly disclosed the three vulnerabilities
to Nextcloud. The second and third vulnerabilities have been
remediated. The first was addressed by temporarily disabling
file sharing from the E2EE feature until a redesign of the
feature can be made. We reflect on broader lessons that can
be learned for designers of E2EE systems
This isnât anything we didnât know already. And this has been discussed on the forum before. I have many times raised my concerns about this also to nextcloud themselves. They are ignorant about it.
4 Likes
Can you give pointers? The above abstract is unreadable.
They probably canât justify the business cost of a complete re-implementation of E2EE. Theyâre still a rapidly growing company and will continue to grow as long as they remain the dominant webdav/caldav/carddav server.
2 Likes
Would be interested to see how Seafile compares in terms of E2EE security.
Thatâs the worst argument I have heard in ages about accepting a massive security flaw. If they canât even keep their core product secure I think they better just stop at all. E2EE is used a lot in the PR of Nextcloud and every time I see it it has been very frustrating given the state of things.
Should be noted that according to the paper some things were resolved. Not that I would trust it to be safe now.