The Nasuni Filer has a long list of unique, novel features, but we will be the first to admit that our decision to build its security around OpenPGP is not exactly groundbreaking. OpenPGP is the most widely used email encryption standard in the world. As we noted earlier, this is precisely why we adopted it. OpenPGP has been endlessly discussed, vetted, and attacked. Each attack has failed. The more failed attacks, the more proven the design.
Here are a few additional benefits:
OpenPGP offers a small number of carefully selected ciphers to generate the random session keys that encrypt user data. The Nasuni Filer currently uses AES-256—the only cipher approved by the NSA for use on Top Secret material.
The standard specifies countless details, ensuring that users don’t leave any holes. Cipher modes are just one example. There are several ways to initialize the encryption of a given file, but not all of them mask data properly. The electronic codebook (ECB) mode can reveal patterns that convey some information about the encrypted data, as shown in the middle picture below. But OpenPGP calls for a variant of the cipher feedback (CFB) mode. With CFB, the data is indistinguishable from random noise, as in the image on the right.
[Image credit: Larry Ewing]
Built-in Modification Detection
An absolutely tamper-proof system would not be possible, since we do not control the clouds themselves, but with automatic modification detection, OpenPGP offers the next best thing. While we cannot prevent tampering, via an accident or even a break-in at a cloud site, we can detect it using the modification detection code system.
These points will also be detailed in our forthcoming security white paper. The paper will demonstrate that for all its benefits, OpenPGP is only part of the larger Nasuni security strategy. The end result: The Filer keeps data safe on the wire and in the cloud.