First, this is how Wuala works: You as an user place a file in the client. The file gets encrypted (including using your password and username) and then gets uploaded and split into different pieces. We are currently using AES-256 for encryption (and RSA 2048 fpr signature and key exchange when sharing a folder and SHA-256 for integrity checks). The password does NOT get transmitted and there is nothing like a master key or similar. That means in worst ever case if someone would have access to our servers somehow, they'd get a piece of encrypted data which is not readable and not decryptable (not even for us as the provider.
Secondly, some people tend to confuse security with anonymity. Wuala is secure, but how about anonymity? We have your email address, your username and we know how much storage space you have. As you see, that is not anonymous, but has nothing to do with the security of your files.
Are we planning to open source the code? Eventually yes, but as we already stated, this takes a lot of time and effort. Oh and yes, we are nice guys. Not because we're Swiss, but in general :)
Hey Gianluca, I was under the impression the latest major revision of Wuala removed all distribution features, so files are no longer split into difference pieces. Instead they are now stored on your central servers.
So basically the encryption key for the specific folder is in the shared url, and wuala servers decrypt the content to the user's browser.
If sharing is disabled then a new key is created and used locally to decrypt/encrypt directly from the client.
Thanks!
First, this is how Wuala works: You as an user place a file in the client. The file gets encrypted (including using your password and username) and then gets uploaded and split into different pieces. We are currently using AES-256 for encryption (and RSA 2048 fpr signature and key exchange when sharing a folder and SHA-256 for integrity checks). The password does NOT get transmitted and there is nothing like a master key or similar. That means in worst ever case if someone would have access to our servers somehow, they'd get a piece of encrypted data which is not readable and not decryptable (not even for us as the provider.
Secondly, some people tend to confuse security with anonymity. Wuala is secure, but how about anonymity? We have your email address, your username and we know how much storage space you have. As you see, that is not anonymous, but has nothing to do with the security of your files.
Are we planning to open source the code? Eventually yes, but as we already stated, this takes a lot of time and effort. Oh and yes, we are nice guys. Not because we're Swiss, but in general :)