Quote:
Originally Posted by philrob
|
The issue is with the built-in encryption in the old standard, not putting encrypted contents in Zip files. Omni just uses Zip to make the files smaller, and there's nothing really stopping them (except convenience and a SMOP) from putting encrypted files in the Zip files.
Quote:
|
If the omni server got hacked and everybody's files copied - any criminal is likely to go through the plain text ones first leaving encrypted ones to the end. Assuming no security flaws that entirely defeat the key (Think WPA) if I have a very long and complex encryption key my data will be at the end of the list.
|
The bad guys don't know in advance that you have a long and complex key, do they?
I agree that encryption of the data before zipping could be useful, as it protects against a compromised server and makes eavesdropping on sync traffic (normally encrypted in transit) more difficult. With the current sync implementation, there's no need for the server to have your encryption credentials if the data is encrypted before zipping, so you don't have the DropBox situation where your data is encrypted but the people running the server can decrypt easily. It also protects against someone swiping the database off the client, which putting a password on the app does not (unless it is used to encrypt the data).