Results 1 to 5 of 5

Thread: Viivo Security

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Viivo Development Alex's Avatar
    Join Date
    Jan 2013

    Viivo Security

    Here is some information on what security we use in the Viivo Application:

    Viivo uses a combination of symmetric encryption (AES-256) for the data and asymmetric encryption (RSA-2048) for the key material.

    Symmetric encryption uses less computational resources than asymmetric encryption, so it is more efficient and, therefore, attractive particularly for large volumes of data. Symmetric encryption uses a single key (the same key for encryption and decryption), which makes sharing challenging.

    Asymmetric encryption uses a public and a private key pair that have a unique relationship based on factoring the product of two large prime numbers. Data that is encrypted with one can only be decrypted using the other, and the complexity of the prime factor mathematical relationship is such that the work effort required to reverse-engineer one from the other makes it effectively impossible. Use of asymmetric keys for encryption is considered more secure but also is more computationally-intensive, which presents performance issues when processing large amounts of data. Asymmetric encryption facilitates sharing.

    Viivo incorporates a hybrid crypto solution that offers a blend of the two different encryption key approaches, gaining the best benefits of each without the disadvantages of either.

    On desktop, Viivo will encrypt any files (with the exception of certain temporary files) you place in your Viivo folder to your Viivo-Encrypted Dropbox folder to automatically sync them to the cloud. When securing your files, add unencrypted files to your Viivo folder (e.g. C:\Users\John_Doe\Viivo on Windows or /Users/John_Doe/Viivo on Mac OS X) where they will be safely encrypted and copied to Dropbox. Unencrypted files directly added to Viivo-Encrypted in Dropbox will be pulled out Dropbox and encrypted. There is a chance Dropbox will have already sent a plain text version of your data to their servers.

    When you create your account, a Viivo identity is created for you and represented as an RSA key pair. This key pair is encrypted and protected by your master password, so it’s critical that you remember your password or have Viivo remember it for you. However, Viivo does not provide a way for you to extract your password it simply uses it to log you in if you elect to have Viivo remember it. Your password is stored directly on your device and not in any files that are transmitted through the cloud so it is never out of your possession. Files that are yours alone (not shared) will be encrypted with keys for your use only. When you create a share or share with others, keys specific to that share are generated and used to secure the data files in that share only.

    On Mobile, files are decrypted on the fly. The files are only stored in their form from Dropbox (encrypted).
    Last edited by Alex; 09-03-2013 at 09:52 PM.
    Alex Robertson
    Software Engineer

    PKWARE, Inc.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts