Researchers respond to developer’s accusation that they used crypto wrong

Ars Technica 2015-09-08

Researchers who developed a set of attacks against encryption schemes in CryptDB—a  technology seen by many as key in creating secure cloud-based database applications—faced a rebuttal from one of the technology’s developers last week, who essentially claimed they were testing it the wrong way. In a series of e-mails to Ars, both the research team and CryptDB’s original lead developer have further responded to each other’s claims. And one of the researchers responded at length to the rebuttal in a blog post on Monday, further pressing his case.

As Ars reported last week, CryptDB is central to many efforts to easily add strong security to existing Structured Query Language-based applications—and to move some of those applications safely into private and public cloud database services.

“The awesome thing about CryptDB is that you can store your data in encrypted form without rewriting your apps,” said Charles Wright of Portland State University, one of the authors of the paper, in an e-mail to Ars. “That's what makes CryptDB such an exciting system, and why so many other groups have taken up the idea and run with it.”

Read 13 remaining paragraphs | Comments