Are public encrypted data in safe in Gaia?

#1

Hi :),

I am working on an app storing sensitive information and right now everyone has access to any data in user Gaia hub. This concerns me, because even though data are encrypted now , it’s possible that encryption used by Blockstack will be broken in not that distant future. In this case anyone collecting encrypted data will have access to them. Seems like more safe approach would be to have encrypted data on access limited places. I don’t see good reason for anyone other than parties trusted by user to have access. Ofc security is outside of my expertise so I would love hear your thoughts :slight_smile:

#2

If it makes you feel better, it’s ECIES with the secp256k1 curve, with a SHA256 HMAC and 256-bit AES-CBC symmetric key encryption. A break in any one of these primitives will have earth-shattering consequences well beyond Blockstack. Also, our encryption/decryption code implementation has also been audited by 3rd parties.

You can do this, but you’ll need to run your own Gaia hub that has an additional authorization requirement on the read path (the default one does not).

2 Likes
#3

@jude thank you for your answer.

Frankly it doesn’t make me feel that much better that we will end up in the mess together, it will be still a mess.

I am curious why is default Gaia hub open? From looking around my understanding is that there is work being done for application Gaia hubs so application am I correct?

Just for the future reference I found these posts helpful:
User-Selected Storage
Proposal: Per-app Gaia hubs in the profile