
@gusbemacbe
Last active June 20, 2020 03:41
Safeness of Cloud storage services with two-factor auth and long and strong password

Hello and good evening, cryptographers, hackers and security information specialists!

I would like to hear your judgmental and sceptical feedback about the safeness of [git] cloud storage service accounts with two-factor authentication and passwords of more than 16 special characters and case-sensitive alphanumerics, and about the efficiency and usefulness of ccrypt and scrypt.

I'm already aware that two-factor authentication sessions of [git] cloud storage services have already been broken, but a password of more than 20 characters (ambiguous characters, case-sensitive alphanumerics and symbols) cannot be cracked because it takes 4 sextillion years to be totally deciphered.

I posted two topics: "Is it safe to back up the whole Firefox profile folder to my private dotfiles repository at GitHub/GitLab? And at Google Drive and Mega?" on the subreddit /r/firefox, and "Is it possible to use synchronously and mutually Scrypt to encrypt and compress a directory in one command?" on /r/linuxquestions.

Quick detail

I have two profile folders that contain confidential information, and would like to back them up and upload them normally to [git] cloud storage without compressing them. But I've been told that I should compress directories with confidential information with a strong password.

I'm not sure it's necessary to compress them if these cloud storage services already have two-factor authentication with a stronger password of more than 16 characters.

Important observations

  • I've already seen the video where a password-protected compressed file in RAR and ZIP formats could be cracked with John the Ripper, but the guy has informed me that John's usefulness is already limited, and a password of more than 16 characters cannot be cracked.
  • I've read from another guy that an AES-encrypted, password-protected compressed file in 7z format created by 7zip cannot be cracked.

Questions

Only three questions:

  • How safe are GitHub, GitLab, Gmail and Mega accounts with two-factor authentication and passwords of more than 16 ambiguous and special characters and case-sensitive alphanumerics?
  • How safe is a compressed file in 7z format with an AES-encrypted password, created by 7zip on Linux? Or is it better to compress and encrypt with ccrypt (AES, but not one-time pad) or scrypt (AES and one-time pad)?
  • Is it necessary to compress a directory containing confidential information even if the [git] cloud storage services already have two-factor authentication with a very long and strong password?