You should not advertise Seafile as a safely encrypted solution. #490
Reference: privacyguides/privacytools.io#490
In my last issue about Seafile I talked about issue 350.
But maybe an even bigger problem is that Seafile uses only 1000 rounds of sha256 for its key derivation function. In the Seafile user manual it says:
It should be said that in the year 2018 bcrypt, scrypt or argon2 would be a far better choice, but regardless of that 1000 rounds are not enough. And that is not just me being paranoid. A quote from PBKDF2's Wikipedia page:
This, together with issue 350 (which has been unfixed for almost 5 years), can only mean that the developers of Seafile don't take security as seriously as they claim.
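The cost of a given iteration count can be measured directly on the hardware at hand. The following is an added example, not code from this thread or from Seafile; it assumes the KDF is PBKDF2-HMAC-SHA256 (the post refers to PBKDF2, the exact construction is an assumption), and the function names, the sample password and the 250 ms target are illustrative.

```python
import hashlib
import os
import time

PAGE_ITERATIONS = 1000  # iteration count the post attributes to Seafile


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte output (construction is assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def seconds_per_derivation(iterations: int, samples: int = 5) -> float:
    """Best-of-N wall time for a single derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key(b"constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate_iterations(target_seconds: float, probe: int = 20_000) -> int:
    """Iteration count that costs roughly target_seconds per derivation here.

    PBKDF2 cost is linear in the iteration count, so one probe
    measurement is scaled up or down to the target.
    """
    per_iteration = seconds_per_derivation(probe) / probe
    return max(1, int(target_seconds / per_iteration))


def work_factor_gain(iterations: int, baseline: int = PAGE_ITERATIONS) -> float:
    """How many times more work each password guess costs than at baseline."""
    return iterations / baseline


if __name__ == "__main__":
    t = seconds_per_derivation(PAGE_ITERATIONS)
    print(f"{PAGE_ITERATIONS} iterations: {t * 1000:.3f} ms per derivation "
          f"(~{1 / t:,.0f} derivations/s on one CPU core)")
    tuned = calibrate_iterations(0.25)
    print(f"iterations for ~250 ms per derivation: {tuned:,} "
          f"({work_factor_gain(tuned):,.0f}x the work per guess)")
```

The calibrated figure is a per-machine measurement, so it should be re-run on the slowest client that has to unlock a library.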
I don't get this?
Seafile is not recommended since its client-side encryption is not good enough, while Nextcloud is on the list, even though it doesn't have E2EE (i.e. it's still in alpha)? If you self-host, then it doesn't matter since server-side encryption is good. If you use one of the available providers, then it is easier for them to access your Nextcloud files than those on a Seafile server with E2EE.
So until Nextcloud client side encryption is ready for use, and audited, either both of these platforms should be recommended or not recommended.
@kewde
@nenadandric feel free to make a PR to remove the whole section.
Perhaps S4 is a decent solution, but ideally we have a section with at least 2 decent projects.
3 years have passed; is this still a reality, or has the Seafile team fixed this issue?