Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Looking into the details it seems like they're using Convergent Encryption [1][2] in order to enable deduplication in iCloud drive and photos. Which would imply it is possible for an attacker to determine if your account is storing a file for which they know the plaintext. It's still a lot better than the status quo but that's a pretty big asterisk in my mind.

[1]https://support.apple.com/en-ca/guide/security/sec973254c5f/...

[2] https://smarx.com/posts/2020/09/convergent-encryption-and-wh...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: