The Nasuni Cloud Storage Blog

Security and the Nasuni Filer: Why We Use OpenPGP

The Nasuni Filer has a long list of unique, novel features, but we will be the first to admit that our decision to build its security around OpenPGP is not exactly groundbreaking.  OpenPGP is the most widely used email encryption standard in the world.  As we noted earlier, this is precisely why we adopted it.  OpenPGP has been endlessly discussed, vetted, and attacked.  Each attack has failed.  The more failed attacks, the more proven the design.

Here are a few additional benefits:

Strong Ciphers

OpenPGP offers a small number of carefully selected ciphers for use with the random session keys that encrypt user data.  The Nasuni Filer currently uses AES-256—the only cipher approved by the NSA for use on Top Secret material.

Vetted Specifications

The standard specifies countless details, ensuring that users don’t leave any holes.  Cipher modes are just one example.  There are several ways to initialize the encryption of a given file, but not all of them mask data properly.  The electronic codebook (ECB) mode can reveal patterns that convey some information about the encrypted data, as shown in the middle picture below.  But OpenPGP calls for a variant of the cipher feedback (CFB) mode.  With CFB, the data is indistinguishable from random noise, as in the image on the right.

[Image: Cipher Feedback. Image credit: Larry Ewing]
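The ECB pattern leak described above can be measured by counting repeated ciphertext blocks. This is an added example, not Nasuni's or OpenPGP's code. It assumes a toy Feistel cipher as a standard-library stand-in for AES-256 and uses plain full-block CFB rather than OpenPGP's CFB variant; all function names are hypothetical.

```python
import hashlib
import os

BLOCK = 16  # bytes; same block size as AES

def toy_block_encrypt(key, block):
    # 4-round Feistel permutation with SHA-256 as the round function.
    # Assumption: a standard-library stand-in for AES-256, for illustration only.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    # Every block is encrypted independently, so equal inputs give equal outputs.
    return b"".join(toy_block_encrypt(key, b) for b in split(data))

def cfb_encrypt(key, iv, data):
    # Full-block CFB: C_i = P_i XOR E(C_{i-1}), with C_0 = IV.
    out, prev = [], iv
    for p in split(data):
        prev = bytes(x ^ k for x, k in zip(p, toy_block_encrypt(key, prev)))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, data):
    # CFB decryption also uses only the block cipher's encrypt direction.
    out, prev = [], iv
    for c in split(data):
        out.append(bytes(x ^ k for x, k in zip(c, toy_block_encrypt(key, prev))))
        prev = c
    return b"".join(out)

def repeated_blocks(data):
    blocks = split(data)
    return len(blocks) - len(set(blocks))

def demo():
    # Constructed sample: 64 all-0xFF blocks then 64 all-0x00 blocks (flat image areas).
    plaintext = b"\xff" * (BLOCK * 64) + b"\x00" * (BLOCK * 64)
    key, iv = os.urandom(32), os.urandom(BLOCK)
    ecb, cfb = ecb_encrypt(key, plaintext), cfb_encrypt(key, iv, plaintext)
    assert cfb_decrypt(key, iv, cfb) == plaintext
    return repeated_blocks(plaintext), repeated_blocks(ecb), repeated_blocks(cfb)

if __name__ == "__main__":
    print(demo())
```

The three counts are repeated blocks in the plaintext, the ECB ciphertext, and the CFB ciphertext: ECB preserves every repetition, while CFB output has none.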

Built-in Modification Detection

An absolutely tamper-proof system would not be possible, since we do not control the clouds themselves, but with automatic modification detection, OpenPGP offers the next best thing.  While we cannot prevent tampering, via an accident or even a break-in at a cloud site, we can detect it using the modification detection code system.

These points will also be detailed in our forthcoming security white paper.  The paper will demonstrate that for all its benefits, OpenPGP is only part of the larger Nasuni security strategy.  The end result: The Filer keeps data safe on the wire and in the cloud.

David Shaw

David is one of the founding engineers at Nasuni. He holds a number of patents and is a co-author on the OpenPGP standard. You'll find David writing about all things security and encryption.
