As a Secure Online Storage, Wuala employs an elaborate encryption scheme to ensure the privacy of your data. This blog post describes how Wuala's encryption works in layman's terms and what happens when files are uploaded, shared, and downloaded.
1. Master key
When you enter your username and password, the Wuala client uses a so-called key derivation algorithm (PBKDF2) to derive your master key. For example, if your name is "Ted" and your password "Det", it mixes them up in a predefined way and ends up with something like "9B78EFC0457A3001E7ECC724147712A9". Normally, it is good if things are fast. Here, it is important that this derivation is as slow as possible but not slow enough for the user to notice (maybe 10ms). This helps to guard a little against brute-force attacks because if it takes 10ms to calculate the key from a password, an attacker can try at most 100 passwords per second. Still, if you want an attack to take millions of years, you should choose a password with ten characters, better more.
2. Folder tree
Once the master key is derived, Wuala downloads your root item from our servers and decrypts it with the key. If you have entered the wrong password, this results in unreadable garbage and Wuala asks you to enter it again. If the decryption is successful, you will get a list of your root folders and their encryption keys. For example, it might say there is a folder 'Documents' that is encrypted with key "71D880EE...". When you access 'Documents', Wuala downloads that folder item and decrypts it with its key. What it finds after decryption is another list of folders and their encryption keys. It's like a Matryoshka doll. Every folder can have additional folders and files in it, each encrypted with its own key. Computer scientists call this a "tree", with your root item being the root and your files being the leaves of the tree.
When a new file or folder is created, a new random key is generated and inserted into the tree. The content of a file is treated in a special way. Here, the chosen encryption key is not random, but derived from the content itself. That way, if the same file is inserted twice, Wuala will choose the same key in both cases and end up with the same encrypted file content. This makes it possible to detect duplicate files so you don't have to upload them again. Also, if you insert the same file twice, you only have to pay for it once.
3. Sharing
When sharing a folder, all you need to do is give your friends the key to that folder. With that key, it is possible to decrypt all the items in that branch of your folder tree. Basically, this is also the key you see in the URL when you share a folder with a secret weblink. When someone accesses such a file with the Wuala client, all decryption happens locally. However, when a file shared by weblink is accessed with a web browser, the key is sent to our servers so it can decrypt the requested items and send them to your browser. Even though our web servers forget the key after serving the web page, it is more secure to access files using the Wuala client as there, the key never needs to leave your computer.
When sharing a folder with a friend or inviting someone to a private group, the key of that folder or group is encrypted with the public key of that user and deposited on our servers. When logging in, the other user can then decrypt that message with his private key and gain access to the folder or group. When revoking access to a folder or removing a member from a group, all keys need to be exchanged. This can be compared to exchanging all the locks of a building. For large groups, this transaction can take a while to execute.
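The folder tree from section 2 and the per-folder key from section 3, as an added example that is not Wuala's code: each folder listing is encrypted under a random key and stores its children's keys, while a file's key is derived from its content. The SHA-256 keystream cipher, the use of SHA-256 for the content key, and the item ids are assumptions made for illustration; the post does not name the real primitives.

```python
import hashlib
import json
import os

def xor_cipher(key, data):
    # Toy stand-in for a real cipher (SHA-256 keystream, no authentication).
    # The same call encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def put_file(server, content):
    # File key comes from the content (assumed here: SHA-256 of it), so
    # identical files give identical ciphertext and are stored once.
    key = hashlib.sha256(content).digest()
    blob = xor_cipher(key, content)
    blob_id = hashlib.sha256(blob).hexdigest()
    server[blob_id] = blob
    return blob_id, key

def put_folder(server, children):
    # Folder key is random; the encrypted listing holds each child's key.
    key = os.urandom(32)
    listing = {name: [cid, ckey.hex()] for name, (cid, ckey) in children.items()}
    item_id = os.urandom(8).hex()
    server[item_id] = xor_cipher(key, json.dumps(listing).encode())
    return item_id, key

def open_folder(server, item_id, key):
    listing = json.loads(xor_cipher(key, server[item_id]))
    return {name: (cid, bytes.fromhex(ckey)) for name, (cid, ckey) in listing.items()}

def read_file(server, blob_id, key):
    return xor_cipher(key, server[blob_id])

def demo():
    server = {}  # the provider's view: ids mapped to ciphertext only
    text = b"constructed sample: quarterly report"
    report = put_file(server, text)
    copy = put_file(server, text)  # duplicate upload, same id and key
    docs = put_folder(server, {"report.txt": report, "copy.txt": copy})
    photos = put_folder(server, {})
    root = put_folder(server, {"Documents": docs, "Photos": photos})
    return server, root, docs, report, copy

if __name__ == "__main__":
    server, root, docs, report, copy = demo()
    doc_id, doc_key = open_folder(server, *root)["Documents"]
    print(read_file(server, *open_folder(server, doc_id, doc_key)["report.txt"]))
```

Someone who holds only the `docs` pair can open 'Documents' and everything below it, but learns nothing about the root listing or 'Photos'.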
These are the basics of Wuala's encryption. Feel free to also read our publication called Cryptree for a deeper understanding.