The Nasuni Cloud Storage Blog

Security and the Nasuni Filer: Why We Use OpenPGP

The Nasuni Filer has a long list of unique, novel features, but we will be the first to admit that our decision to build its security around OpenPGP is not exactly groundbreaking.  OpenPGP is the most widely used email encryption standard in the world.  As we noted earlier, this is precisely why we adopted it.  OpenPGP has been endlessly discussed, vetted, and attacked.  Each attack has failed.  The more failed attacks, the more proven the design.

Here are a few additional benefits:

Strong Ciphers

OpenPGP offers a small number of carefully selected ciphers to generate the random session keys that encrypt user data.  The Nasuni Filer currently uses AES-256—the only cipher approved by the NSA for use on Top Secret material.

Vetted Specifications

The standard specifies countless details, ensuring that users don’t leave any holes.  Cipher modes are just one example.  There are several ways to initialize the encryption of a given file, but not all of them mask data properly.  The electronic codebook (ECB) mode can reveal patterns that convey some information about the encrypted data, as shown in the middle picture below.  But OpenPGP calls for a variant of the cipher feedback (CFB) mode.  With CFB, the data is indistinguishable from random noise, as in the image on the right.

[Figure: Cipher Feedback. Middle: image encrypted with ECB; right: image encrypted with CFB. Image credit: Larry Ewing]
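The difference between the two modes can be reproduced without the picture. The following is an added example, not code from Nasuni or from the original post: it encrypts a run of identical plaintext blocks (the equivalent of a flat-coloured image region) in ECB and in CFB and counts repeated ciphertext blocks. It assumes a toy Feistel cipher built from HMAC-SHA256 as a stand-in for AES-256, and it uses plain textbook CFB with a random IV rather than the OpenPGP variant; all function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes; same block size as AES


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation used as a stand-in for AES. NOT secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal inputs give equal outputs."""
    if len(data) % BLOCK:
        raise ValueError("ECB needs whole blocks")
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cfb_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """CFB: the previous ciphertext block is encrypted to make the next keystream."""
    out, feedback = [], iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        keystream = toy_block_encrypt(key, feedback)
        result = bytes(a ^ b for a, b in zip(chunk, keystream))
        feedback = chunk if decrypt else result  # always feed back ciphertext
        out.append(result)
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key, iv = os.urandom(32), os.urandom(BLOCK)
    # Constructed sample: 64 identical blocks, like a flat-coloured image region.
    flat = b"\xff" * BLOCK * 64
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, flat)))
    print("CFB repeated blocks:", repeated_blocks(cfb_crypt(key, iv, flat)))
```

Under ECB every ciphertext block after the first is a repeat, which is the structure that stays visible in the encrypted image; under CFB the chaining makes each block differ even though the plaintext never changes.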

Built-in Modification Detection

An absolutely tamper-proof system would not be possible, since we do not control the clouds themselves, but with automatic modification detection, OpenPGP offers the next best thing.  While we cannot prevent tampering, via an accident or even a break-in at a cloud site, we can detect it using the modification detection code system.

These points will also be detailed in our forthcoming security white paper.  The paper will demonstrate that for all its benefits, OpenPGP is only part of the larger Nasuni security strategy.  The end result: The Filer keeps data safe on the wire and in the cloud.

David Shaw

David is one of the founding engineers at Nasuni. He holds a number of patents and is a co-author of the OpenPGP standard. You'll find David writing about all things security and encryption.
