[Resource Topic] 2020/1439: Cryptographic Vulnerabilities and Other Shortcomings of the Nextcloud Server Side Encryption as implemented by the Default Encryption Module

Welcome to the resource topic for 2020/1439

Title:
Cryptographic Vulnerabilities and Other Shortcomings of the Nextcloud Server Side Encryption as implemented by the Default Encryption Module

Authors: Kevin "Kenny" Niehage

Abstract:

Nextcloud provides a server side encryption feature that is implemented by the Default Encryption Module. This paper presents cryptographic vulnerabilities that existed within the Default Encryption Module as well as other shortcomings that still need to be addressed. The vulnerabilities allowed an attacker to break the provided confidentiality and integrity protection guarantees. There is a high risk that ownCloud also contains some of the issues presented in this paper as it still has cryptographic code in common with Nextcloud.

ePrint: https://eprint.iacr.org/2020/1439

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .