Flaws detected in the Owncloud encryption module

First it is important to understand what this encryption module is actually supposed to do and understand the threat scenario. The encryption provides no security against a malicious server operator, because the encryption happens on the server. The only scenario where this encryption helps is if one has a trusted server that is using an untrusted storage space.

Source: Pwncloud – bad crypto in the Owncloud encryption module – Hanno’s blog

A good read, but also worth noting that encrypting data at rest on a server is rarely bulletproof anyway. If an attacker can get access to the server they can decrypt the data. I wouldn’t even bother encrypting the data store for something like Owncloud anyway since the data is at the end of a long chain where significant security is needed. For example, is the local copy of the data encrypted? Is the web component using HTTPS? Are Owncloud accounts secure with long passwords and 2FA? Is access to the server running Owncloud properly secure with very limited access? Encrypting data at rest in Owncloud is the least of my worries.

My Twitter Digest for 04/01/2016

GitHub adds commit squashing to tidy up your commit history

Commit squashing has the benefit of keeping your git history tidy and easier to digest than the alternative created by merge commits. While merge commits retain commits like “oops missed a spot” and “maybe fix that test? [round 2]”, squashing retains the changes but omits the individual commits from history. Many people prefer this workflow because, while those work-in-progress commits are helpful when working on a feature branch, they aren’t necessarily important to retain when looking at the history of your base branch.

Squash your commits – GitHub

New feature allows for cleaner commits in your code and is more suitable for a broader range of workflows.