Quote:
As OF files are zipped, how complex would it be to encrypt prior to sync?
That said, there are some issues with encryption with zip files. http://en.wikipedia.org/wiki/Zip_(fi...at)#Encryption |
Quote:
If the omni server got hacked and everybody's files copied - any criminal is likely to go through the plain text ones first leaving encrypted ones to the end. Assuming no security flaws that entirely defeat the key (Think WPA) if I have a very long and complex encryption key my data will be at the end of the list. |
I agree that encryption of the data before zipping could be useful, as it protects against a compromised server and makes eavesdropping on sync traffic (normally encrypted in transit) more difficult. With the current sync implementation, there's no need for the server to have your encryption credentials if the data is encrypted before zipping, so you don't have the DropBox situation where your data is encrypted but the people running the server can decrypt easily. It also protects against someone swiping the database off the client, which putting a password on the app does not (unless it is used to encrypt the data).