Results 1 to 7 of 7

Thread: Why is there a need for Viivo account?

  1. #1

    Why is there a need for Viivo account?

    When you start using Viivo app, it asks to create a Viivo account with your email & password. I suppose this creates online account on servers at Viivo.

    Why is there a need for an online account since the encryption is done at local devices?

    What info are being transmitted from Viivo clients to servers at Viivo?

    Is there any staff at Viivo that is able to encrypt and see my files?

    Do you use our email address for any other purpose other than login identity?

    Thanks

  2. #2
    Viivo Staff
    Join Date
    Apr 2013
    Posts
    565
    Hey Zaccyee,

    You have some great questions. I suggest you take a look at this page http://www.viivo.com/how-security-works/ as I think most of your questions are answered here. Creating the Viivo account helps keep your keys away from your encrypted data. Viivo is not a cloud provider so Viivo does not have any data you upload to the cloud. If you have other questions, please let us know.

    Jack

  3. #3
    Hi Jack,

    Sorry to resurrect this. I registered just so I can post this because I am considering purchasing one of your paid plans and I had the same questions as @zaccyee. I've read the page you pointed to and the only relevant bit is the following:

    The latest edition of Viivo stores security keys separately from Dropbox, Box, OneDrive and Drive so that they are kept as private as possible. This system keeps your public and private key pairs in separate locations, and they cannot be correlated outside of the application. Although we do not store your passphrase or private key on the server, Viivo does support passphrase recovery through a secure process that uses data on the server with data on your Viivo-enabled device.

    This does not answer the questions. The fact that Viivo is closed source makes it worse, since you effectively require me to trust Viivo. For example, your client could sent my private key to Viivo in an encrypted form that I can't work out even if I sniff it with tcpdump/wireshark ... this in turn kind of defeats the purpose of client-side encryption.

    There is no need to store anything on Viivo servers for client-side encryption to work. In fact, the Viivo client has no need to transmit anything at all to/from the internet. Encryption/decryption should be completely local, using a private key itself encrypted by my password. Just the same as if I was to create an EncFS container, similar to what Viivo does. Even if it had to transmit anything to the internet, there is still no need at all to store any keys on Viivo servers: the public key can be transmitted by the client when needed, then the data decrypted/encrypted locally using the private key.

    Although the above paragraph is a little vague, you appear to say that you store the public keys on the Viivo server to make it more secure by having the public and private keys in different places. That's surprising to say the least, if not just a tad funny. It's called "public key" for a reason, and private + public keys have been residing in the same place for a lot of secure systems without compromising security, e.g. good old SSH. There is no added security by storing the public key elsewhere (it's publicly sniffable anyway).

    Also, although the Viivo client is closed source and does send/receive data to/from the internet, your ToS claims "NO WARRANTY. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT INSTALLATION AND/OR USE OF VIIVO CLIENT AND ANY RELATED SERVICES ARE AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU." ... that's a little odd given it's closed source and requires an Internet connection.

    Since it cannot be for security reasons, can you please actually explain why there is an actual need at all to store any information on Viivo servers?

    Please assume you're addressing an above-average knowledgeable audience wrt security and encryption (info such as the above paragraph is vague and doesn't really explain it).

    Final question: I haven't yet inspected the internet traffic to/from the Viivo client and while I don't criticise you for not providing the sources, I would feel a lot better if the data to/from the Viivo client was accessible to me. Is that the case?

    Best,
    Alex.

    p.s. The Viivo client also has a "Send usage statistics" option enabled with I can't disable ... not ideal.
    Last edited by alexw; 02-23-2015 at 09:28 PM.

  4. #4
    Viivo Staff
    Join Date
    Apr 2013
    Posts
    565
    Quote Originally Posted by alexw View Post
    Hi Jack,

    Sorry to resurrect this. I registered just so I can post this because I am considering purchasing one of your paid plans and I had the same questions as @zaccyee. I've read the page you pointed to and the only relevant bit is the following:

    The latest edition of Viivo stores security keys separately from Dropbox, Box, OneDrive and Drive so that they are kept as private as possible. This system keeps your public and private key pairs in separate locations, and they cannot be correlated outside of the application. Although we do not store your passphrase or private key on the server, Viivo does support passphrase recovery through a secure process that uses data on the server with data on your Viivo-enabled device.

    This does not answer the questions. The fact that Viivo is closed source makes it worse, since you effectively require me to trust Viivo. For example, your client could sent my private key to Viivo in an encrypted form that I can't work out even if I sniff it with tcpdump/wireshark ... this in turn kind of defeats the purpose of client-side encryption.
    I am not sure if I completely agree with this statement. You are still encrypting your data that only you have. You post an encrypted version of your private key to the server. We cannot decrypt your private key. It's just cipher text to us. You can sniff that out in your tools if you want. You are still encrypting your data with a key that you own and only you have access to. So when you encrypt your data with the keys you create in Viivo, you are client side encrypting your data.

    Quote Originally Posted by alexw View Post
    There is no need to store anything on Viivo servers for client-side encryption to work. In fact, the Viivo client has no need to transmit anything at all to/from the internet. Encryption/decryption should be completely local, using a private key itself encrypted by my password. Just the same as if I was to create an EncFS container, which is (similar to) what I assume Viivo does. Even if it had to transmit anything to the internet, there is still no need at all to store any keys on Viivo servers: the public key can be transmitted by the client when needed, then the data decrypted/encrypted locally using the private key.
    Viivo itself is a client application that can run on desktops (windows/mac), Android and iOS. The reason the encrypted private key is posted to the server is for the transfer of your key, and even the backing up of the key. The delivering and management of the encrypted version of your key is the real value add Viivo provides. Viivo will also work when you are offline if you have all the keys already.

    Quote Originally Posted by alexw View Post
    Although the above paragraph is a little vague, you appear to say that you store the public keys on the Viivo server to make it more secure by having the public and private keys in different places. That's surprising to say the least, if not just a tad funny. It's called "public key" for a reason, and private + public keys have been residing in the same place for a lot of secure systems without compromising security, e.g. good old SSH. There is no added security by storing the public key elsewhere (it's publicly sniffable anyway).
    This statement is actually based on how Viivo 1.0 was built and functioned. There was no key server, but all your keys were stored in Dropbox (again, encrypted) but you were then storing your data and your keys (encrypted) all with Dropbox.

    Quote Originally Posted by alexw View Post
    Also, although the Viivo client is closed source and does send/receive data to/from the internet, your ToS claims "NO WARRANTY. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT INSTALLATION AND/OR USE OF VIIVO CLIENT AND ANY RELATED SERVICES ARE AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU." ... that's a little odd given it's closed source and requires an Internet connection.

    Since it cannot be for security reasons, can you please actually explain why there is an actual need at all to store any information on Viivo servers?
    It's really for convenience of managing and transferring your keys. Viivo is really built to make the key management for encrypting your data easy. We fully understand there is a security posture that every individual takes. Viivo is not for every type of security posture. If you do not want to trust a key server with an encrypted version of your private key because you don't feel comfortable, we actually fully understand you and do not blame you.

    Quote Originally Posted by alexw View Post
    Please assume you're addressing an above-average knowledgeable audience wrt security and encryption (info such as the above paragraph is vague and doesn't really explain it).

    Final question: I haven't yet inspected the internet traffic to/from the Viivo client and while I don't criticise you for not providing the sources, I would feel a lot better if the data to/from the Viivo client was accessible to me. Is that the case?

    Best,
    Alex.
    Sniffing the traffic will be a bit hard as all endpoints except for 1 (our etag which checks for updates in your account metadata) are done on https and you will need to decrypt the traffic we are transmitting. If you try to pull man in the middle, the Viivo client will detect you do not have our certificate on your proxy and will stop communicating. So it's not going to be easy for you to see you the actual decrypted transmissions.

    If you are wondering what data is "stored", you can look at the .meta folder in your application data folder under Viivo.

    Update:
    if it wasn’t clear, the account on the server exists for convenience to the user. If you are looking for more secure option (no server), PKWARE has the product for you too, it’s called SecureZip.

  5. #5
    New User
    Join Date
    Aug 2015
    Posts
    3
    The above post was a good read.

    My question is also related to security but on the device itself. Viivo has the option to remember the password and automatically login to Viivo when I login to W7. Where is this password stored? It it in the encrypted 3DES Windows 7 container? This would be fine but this is not clear to me whether this is the case. Where on the computer is this password stored? Please do not tell me it is stored in a plaintext file somewhere.

  6. #6
    Viivo Staff matt's Avatar
    Join Date
    Jan 2013
    Location
    Milwaukee
    Posts
    207
    For Windows, Viivo passwords are stored in the Windows Credential Manager: Control Panel\All Control Panel Items\Credential Manager

    You'll find it in the "generic credentials" section. The protection is only as good as your user account. If you want to increase the protection (layered approach in the event your user account password gets compromised) you can always configure Viivo to *not* remember your password and/or setup MFA.
    --
    Matt

  7. #7
    Viivo Staff matt's Avatar
    Join Date
    Jan 2013
    Location
    Milwaukee
    Posts
    207
    Given you mentioned 3DES I should probably clarify that the Windows XP credential manager used 3DES, SHA1 for hashing and Windows' own CryptDeriveKey() function for key derivation. Windows 7 uses AES256 in CBC mode with SHA512 for hashing and 5600 rounds of PBKDF2

    Regardless, it's still only as strong as your user account.
    --
    Matt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •