The Nasuni Cloud Storage Blog

Security and the Nasuni Filer: Why We Use OpenPGP

The Nasuni Filer has a long list of unique, novel features, but we will be the first to admit that our decision to build its security around OpenPGP is not exactly groundbreaking.  OpenPGP is the most widely used email encryption standard in the world.  As we noted earlier, this is precisely why we adopted it.  OpenPGP has been endlessly discussed, vetted, and attacked.  Each attack has failed.  The more failed attacks, the more proven the design.

Here are a few additional benefits:

Strong Ciphers

OpenPGP offers a small number of carefully selected ciphers, used with random session keys, to encrypt user data.  The Nasuni Filer currently uses AES-256—the only cipher approved by the NSA for use on Top Secret material.

Vetted Specifications

The standard specifies countless details, ensuring that users don’t leave any holes.  Cipher modes are just one example.  There are several ways to initialize the encryption of a given file, but not all of them mask data properly.  The electronic codebook (ECB) mode can reveal patterns that convey some information about the encrypted data, as shown in the middle picture below.  But OpenPGP calls for a variant of the cipher feedback (CFB) mode.  With CFB, the data is indistinguishable from random noise, as in the image on the right.

[Figure: Cipher Feedback. Image credit: Larry Ewing]
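The pattern leak described above can be reproduced without the picture. The following Python sketch is an added example, not Nasuni's code: it assumes a toy Feistel permutation built from SHA-256 as a stand-in for AES, and textbook CFB with a random IV rather than OpenPGP's CFB variant. All function names and the sample data are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # bytes, the same block size as AES

def toy_encrypt_block(key, block):
    """Stand-in for AES: 4-round Feistel permutation (illustration only, not secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key, data):
    # Each block is encrypted alone: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_encrypt_block(key, b) for b in split(data))

def cfb_encrypt(key, iv, data):
    # Each block is XORed with the encryption of the previous ciphertext block.
    out, prev = [], iv
    for block in split(data):
        prev = xor(block, toy_encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, data):
    out, prev = [], iv
    for block in split(data):
        out.append(xor(block, toy_encrypt_block(key, prev)))
        prev = block
    return b"".join(out)

def repeated_blocks(data):
    """Number of blocks that duplicate an earlier block."""
    blocks = split(data)
    return len(blocks) - len(set(blocks))

# Constructed sample: 64 blocks in two flat regions, like a cartoon image.
PLAINTEXT = b"\xff" * (BLOCK * 40) + b"\x00" * (BLOCK * 24)

if __name__ == "__main__":
    key, iv = os.urandom(32), os.urandom(BLOCK)
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, PLAINTEXT)),
          "CFB repeats:", repeated_blocks(cfb_encrypt(key, iv, PLAINTEXT)))
```

Under ECB the ciphertext keeps exactly as many repeated blocks as the plaintext, which is what makes the outline of an image survive encryption; under CFB the repeats disappear.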

Built-in Modification Detection

An absolutely tamper-proof system would not be possible, since we do not control the clouds themselves, but with automatic modification detection, OpenPGP offers the next best thing.  While we cannot prevent tampering, via an accident or even a break-in at a cloud site, we can detect it using the modification detection code system.

These points will also be detailed in our forthcoming security white paper.  The paper will demonstrate that for all its benefits, OpenPGP is only part of the larger Nasuni security strategy.  The end result: The Filer keeps data safe on the wire and in the cloud.

David Shaw

David is one of the founding engineers at Nasuni. He holds a number of patents and is a co-author on the OpenPGP standard. You'll find David writing about all things security and encryption.
