The Nasuni Cloud Storage Blog

Security and the Nasuni Filer: Why We Use OpenPGP

The Nasuni Filer has a long list of unique, novel features, but we will be the first to admit that our decision to build its security around OpenPGP is not exactly groundbreaking.  OpenPGP is the most widely used email encryption standard in the world.  As we noted earlier, this is precisely why we adopted it.  OpenPGP has been endlessly discussed, vetted, and attacked.  Each attack has failed.  The more failed attacks, the more proven the design.

Here are a few additional benefits:

Strong Ciphers

OpenPGP offers a small number of carefully selected ciphers to generate the random session keys that encrypt user data.  The Nasuni Filer currently uses AES-256—the only cipher approved by the NSA for use on Top Secret material.

Vetted Specifications

The standard specifies countless details, ensuring that users don’t leave any holes.  Cipher modes are just one example.  There are several ways to initialize the encryption of a given file, but not all of them mask data properly.  The electronic codebook (ECB) mode can reveal patterns that convey some information about the encrypted data, as shown in the middle picture below.  But OpenPGP calls for a variant of the cipher feedback (CFB) mode.  With CFB, the data is indistinguishable from random noise, as in the image on the right.

[Figure: Cipher Feedback. Image credit: Larry Ewing]

Built-in Modification Detection

An absolutely tamper-proof system would not be possible, since we do not control the clouds themselves, but with automatic modification detection, OpenPGP offers the next best thing.  While we cannot prevent tampering, via an accident or even a break-in at a cloud site, we can detect it using the modification detection code system.
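The two properties described above (ECB leaking repeated blocks where CFB does not, and modification detection on stored data), as an added example that is not Nasuni's code. It follows the OpenPGP integrity-protected layout (all-zero IV, random prefix, SHA-1 over the prefix, the plaintext and the bytes 0xD3 0x14) but swaps AES for a stand-in block function built from HMAC-SHA256 so that it runs on the Python standard library alone. All function names, the key and the sample data are constructed for illustration.

```python
import hashlib, hmac, os

BS = 16  # block size in bytes, same as AES

def block_encrypt(key, block):
    # Stand-in for AES (assumption): HMAC-SHA256 cut to one block. CFB only needs this forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BS]

def ecb_encrypt(key, data):
    # ECB: every block is encrypted on its own, so equal inputs give equal outputs.
    return b"".join(block_encrypt(key, data[i:i + BS]) for i in range(0, len(data), BS))

def cfb(key, data, decrypt=False):
    # Full-block CFB with an all-zero IV; the previous ciphertext block is fed back.
    feedback, out = bytes(BS), b""
    for i in range(0, len(data), BS):
        chunk = data[i:i + BS]
        result = bytes(a ^ b for a, b in zip(chunk, block_encrypt(key, feedback)))
        feedback = chunk if decrypt else result
        out += result
    return out

def seal(key, plaintext):
    # A random prefix of BS + 2 bytes (last two repeated) takes the place of an IV.
    rnd = os.urandom(BS)
    body = rnd + rnd[-2:] + plaintext + b"\xd3\x14"  # 0xD3 0x14 = MDC packet header
    return cfb(key, body + hashlib.sha1(body).digest())

def unseal(key, ciphertext):
    data = cfb(key, ciphertext, decrypt=True)
    body, mdc = data[:-20], data[-20:]
    if not hmac.compare_digest(hashlib.sha1(body).digest(), mdc):
        raise ValueError("modification detected")
    return body[BS + 2:-2]

def repeated_blocks(ct):
    blocks = [ct[i:i + BS] for i in range(0, len(ct), BS)]
    return len(blocks) - len(set(blocks))

def tampered(ct, pos=40):  # flip one bit, as a change at the storage site would
    return ct[:pos] + bytes([ct[pos] ^ 0x01]) + ct[pos + 1:]

# Constructed sample: 64 identical blocks, like a flat region of an image.
KEY = b"k" * 32
FLAT = b"\xff" * (BS * 64)

if __name__ == "__main__":
    sealed = seal(KEY, FLAT)
    print("repeated blocks, ECB vs CFB:", repeated_blocks(ecb_encrypt(KEY, FLAT)), repeated_blocks(sealed))
```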

These points will also be detailed in our forthcoming security white paper.  The paper will demonstrate that for all its benefits, OpenPGP is only part of the larger Nasuni security strategy.  The end result: The Filer keeps data safe on the wire and in the cloud.

David Shaw

David is one of the founding engineers at Nasuni. He holds a number of patents and is a co-author on the OpenPGP standard. You'll find David writing about all things security and encryption.
