Is disabling file name encryption (in future versions) a very bad idea?

ccchan · March 24, 2018, 1:34pm

suppose i put chrome-setup.exe on google drive, with cryptomator.

and what google + NSA know is the encrypted file of chrome-setup.exe, BUT
they know the name.

And they simply can obtain the SAME file chrome-setup.exe from web (e.g. google s cache),
then they can calculate the key I used for this encryption.
And using the key, they can know ALL my other files encryption.

Is it like that?

if Yes, then caution must be taken to warn users the danger of optional enable/disable of file name encryption.

ps: competitor BC 's free version have no file name encryption, I now consider it a rubbish.
I only use it to encrypt movies now.

thanks

Michael · March 24, 2018, 6:00pm

You describe a known-plaintext attack

As far as I know there is no confirmed, successful known plaintext attack against AES. And you can not calculate the key from it.
So my answer is: no
If you are interested in “why” AES is resistant to this attack, you may read more about differential cryptanalysis

My opinion on the encryption of file names is:
Encrypting the file names is essential to protect my privacy data. Especially if the storage provider is Google, Microsoft or Apple, whose business it is to know and commercialize these info’s, e.g. for more successful marketing
Example:
I have a scan of my insurance policy. The file name contains the type of insurance as well as the provider of the insurance. I would now like to backup this scan securely online. Under no circumstances do I want Google to know where, and against what I am insured.
This is the reason I never used one of the known competitors, because they offer filename encryption only with monthly fees (so far the ones I have found jet).
Before I endet up at cryptomator, I used 7zip AES encryption (which offers filename encryption as well). But of course this is way less comfortable than cryptomator.

App_User · March 25, 2018, 7:33am

Supposedly Sync.com doesn’t know the names of the files you have. Files and folders are assigned an ID, though.

Michael · March 25, 2018, 8:59am

Yes. And high limitations if you don’t want to pay. For example 5GB max storage.
Even if it would be free: I never wanted a new storage provider. I was just looking for a solution of encrypting existing storage and found cryptomator. Therefore the comparison with sync.com lags.
(I think we’re getting off topic now )

App_User · March 25, 2018, 9:11am

I see, that makes sense.

Sorry for going off-topic, I saw that you mentioned Apple and Google, so I thought that you were referring to cloud storage.