Encryption keys in OneDrive a security issue?
OK, this is fun. Security "experts" freaked on this one. I love security experts, they provide so much amusement for me.
I'll only concede one thing. Microsoft should provide an easy mechanism to back your encryption key up to an external drive, thus allowing the paranoid to "protect" themselves.
For the rest of you, this is not a concern. It is a calculated risk, and a VERY one-sided one at that. As low as the odds are that your data would need protection in the first place, the odds of circumstances under which your encryption key being stored on OneDrive would compromise your data are even lower. And on top of that, for the average user with encrypted data, compared to those things, the odds that you would need a recovery key for your data which you didn't do by yourself is MUCH higher (though admittedly still quite low).
Any sort of non-disk-related hardware failure might lead to needing to retrieve data from an encrypted drive. These happen all of the time. Most people will just chuck the computer and buy a new one. But in some cases there may be critical information on the hard drive you need to get back. And even if you don't, having the drive encrypted grants some peace of mind that someone doesn't take your junked computer and retrieve your personal information. For a society regularly shitting their pants over the near non-existent chance that you're being hacked or spied on, this should come as a pleasant surprise.
Electronics are still a hot commodity for thieves as well. An unencrypted drive might tell a thief a lot about you that you don't want them to know. Personal information and browsing history, for example, might be enough for them to fool a bank agent into giving them access to your accounts. Browsing history could tell them which banks you deal with, while personal information on the phone might reveal answers to secret questions (or better yet, if you have a file with passwords, etc...). Of all of the possible things in this post where the device is actually a concern, having a device stolen is the most likely.
So, those are the arguments in favor. The arguments against basically amount to this: Microsoft could be compelled to give your encryption key(s) to law enforcement, or OneDrive may be hacked. These are of course possibilities. BUT... even if someone gets your encryption keys, they still need your physical device to actually get the data. Random hackers getting into OneDrive are HIGHLY unlikely to succeed at getting both the encryption key and your drive unless you're the target of a HIGHLY sophisticated attack... in which case you were probably screwed anyway.
If law enforcement can get a sufficient court order to make them hand over that data, then they will probably also have a warrant for your device. But the circumstances under which they could get such a warrant and court order... you're either guilty or would freely give them access to help clear your name.
But that isn't where it ends. If the keys weren't stored in OneDrive, most people wouldn't have device encryption in the first place. The only reliable way to default encryption on a device is with a reliable recovery method. So, either Microsoft automatically stores it in the cloud or forces you to do it. Most people wouldn't go through the hassle, so it would be defaulted to off. And, since both cases where your data would be compromised above require that they have the physical device already and it is now unencrypted, all you've done is made it easier. Getting a warrant for a laptop is a LOT easier than getting a court order to force a company to violate their privacy policies. Stealing a laptop is a LOT easier than stealing a laptop AND hacking into OneDrive.
If you're still concerned... encrypt your data within your encrypted drive. Nothing is stopping you from adding another layer of encryption which you have full control over, and it isn't like such tools aren't widely available. The people truly concerned about this are likely already doing this. Those who aren't are either unconcerned or would be burdened by trying to maintain a solution like that.
So yes, Microsoft is storing your encryption keys. As such, you don't have to. And that still makes you more secure than not encrypting your drive at all.