Linux

Crypton for developers: Toward cryptographically-secure cloud apps

A new open source project called Crypton hopes to put a reusable cryptographic solution in the hands of cloud app developers, providing easy, built-in encryption of user data.

Crypton is an in-progress open source project from the developers of SpiderOak that seeks to solve a big privacy and security problem with cloud applications -- how to protect the data you entrust to these various applications from the potential security failures of the service provider. While many vow they will never put their sensitive data in the cloud in the first place, there are many others who want to take advantage of the many conveniences that cloud services provide -- from accessibility to collaboration.

The developers of Crypton describe their aims this way:

We love using and building cloud applications, and we'd prefer not to to wait another 5 years for awareness to increase and meaningful privacy to be a standard feature in cloud apps.

We're making this framework available to everyone, building our own next generation of apps on top of it, and looking forward to the rich ecosystem of privacy preserving cloud apps to come.

The idea is that developers would be able to build encryption into their apps that would effectively hide user data -- even from the service provider. If this sounds kind of familiar, it's very similar to the security level offered by Kim Dotcom's new service, Mega.

A "generalized, reusable" package that would relieve developers of the additional difficulty of building a cryptographic solution of their own sounds great, but what is the downside? Well, the same downside as always: if Crypton were to be used as widely as they hope, then any security flaw in Crypton itself would compromise all apps that used it.

That being said, it's an interesting project that has the potential to improve the current state of user data privacy and security in the area of cloud applications. If you want to get in on the early stages of this project, the recently-released proof-of-core-concepts code (v.0.01) is available from GitHub with this warning: "It is not yet intended for production use until v0.1.0. There are known serious bugs and weaknesses."

For more information visit the Crypton Q&A page and see the GitHub README doc.

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

0 comments

Editor's Picks