Reply
Thread Tools
Posts: 132 | Thanked: 141 times | Joined on Jan 2012
#1
Quoting http://engadget.com/ on this as I'm a lazy duck

After Canonical asked the world for $32 million to produce its Ubuntu Edge handset, $3.2 million seems like small potatoes, right? All right, it's still a bunch, but QSAlpha's got some big plans for the money. The Quasar IV promises unprecedented security, according to the company's new Indiegogo campaign. That entails military-grade encryption, with either 64- or 128GB of encrypted local storage augmented by a lofty 128GB encrypted in the cloud. The idea here is to "leave no trace in the digital world," and just to be clear, the company's got a ninja in its pitch video to really drive the point home. In fact, ninjas were apparently QSAlpha's starting point: "if a ninja had a phone, what would it look like?" We'd guess more sharpened corners and maybe some smoke bombs, but this is a start.
You can read more about the campaign on http://www.indiegogo.com/projects/qsalpha-quasar-iv

The Quasar IV will be production ready in March 2014 and available to the general public in June 2014. Indiegogo backers will receive the Quasar IV in April 2014. The Quasar IV offers the following key features:

• Advanced trusted-authentication technology called Quatrix

• Unique digital signature and key computation methodology to protect your digital identity

• Quad-core 2.3GHz CPU, 3GB RAM, 64/128GB encrypted local storage and 128GB encrypted cloud storage

• Dual rear cameras for advanced augmented reality applications

• Android OS with an encryption layer

• Open SDK for the developer community

• Dual LTE with support for 3G and GSM networks

Own opinion: screen looking nice - Jolla get Sailfish running on it by default
 

The Following User Says Thank You to RX-51 For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#2
Not that it should be able to do anything, that we couldn't *if* Neo900 appears - maybe quazar could do some things faster, *if* they're going to use some specialized-for-encryptions CPU additions.

But, frankly that part about, "secure storage in the cloud" - what are they smoking? If they're doing product for secure-freaks, they shouldn't use such "snake oil" terms, as it makes them look less professional in eyes of potential customers.

When your data is on some funny server you don't control, somewhere on the net, it is *never* secure. Anytime, gov. guys may demand access, and you will never know it. Not to mention secret, but mandatory backdoors (germany and USA anonymizers, anyone?).

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!

Last edited by Estel; 2013-09-18 at 03:59.
 

The Following 6 Users Say Thank You to Estel For This Useful Post:
Posts: 669 | Thanked: 433 times | Joined on May 2010
#3
Originally Posted by Estel View Post
Not that it should be able to do anything, that we couldn't *if* Neo900 appears - maybe quazar could do some things faster, *if* they're going to use some specialized-for-encryptions CPU additions.

But, frankly that part about, "secure storage in the cloud" - what are they smoking? If they're doing product for secure-freaks, they shouldn't use such "snake oil" terms, as it makes them look less professional in eyes of potential customers.

When your data is on some funny server you don't control, somewhere on the net, it is *never* secure. Anytime, gov. guys may demand access, and you will never know it. not to mention secret, but mandatory backdoors (germany and USA anonymizers, anyone?).

/Estel
Well, not totally accurate - they can provide client (device) server (cloud) software that can use strong encryption - both of data transportation and storage - access to such data is irrelevant as it is assumed to be strongly encrypted.

Generally - this is probably a software solution and therefore can be implemented in N900 too - even without the server side software. encryption of data can be executed on the device itself, and using a regular cloud storage server.

There is a lot of buzz around "data protected devices/services" since the news about NSA came - as this subject cannot be understood by the majority of simple smartphone users, it is easy to sell solutions using magic words.

do we have data/drive encryption applications for the N900 with 512/1024 bit keys? i know truecrypt's best encryption (which I use) uses 256bit...

Last edited by impeham; 2013-09-18 at 01:23.
 

The Following 3 Users Say Thank You to impeham For This Useful Post:
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#4
Originally Posted by Estel View Post
]When your data is on some funny server you don't control, somewhere on the net, it is *never* secure. Anytime, gov. guys may demand access, and you will never know it. not to mention secret, but mandatory backdoors (germany and USA anonymizers, anyone?).
To be fair, if the encryption key/password/whatever never leaves your phone, and they're just storing the encrypted data directly in the cloud, then it's only slightly less secure than your physical phone itself. Yes, a government could get the data, and you should always assume their bruteforcing abilities are way better than a normal attackers, but if the encryption algorithm is good and it's encrypted/decrypted phone-side only, even if they get it it should in theory take them a decently long time to crack it.

After all, there has been at least one case where the FBI for instance gave up trying to crack a password to a computer that was full-disk encrypted and made a court compel the suspect to type in his own passphrase. Sure, you ARE sacrificing a layer of security, but what remains is still substantial.

But yeah, I really really hope they encrypt/decrypt it ONLY phoneside and nowhere else (and are upfront that you are sacrificing a layer of security when using cloud storage). If they fail to do so, then like you say, it is snake oil peddling.
 

The Following 3 Users Say Thank You to Mentalist Traceur For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#5
Originally Posted by Mentalist Traceur View Post
To be fair, if the encryption key/password/whatever never leaves your phone, and they're just storing the encrypted data directly in the cloud, then it's only slightly less secure than your physical phone itself. Yes, a government could get the data, and you should always assume their bruteforcing abilities are way better than a normal attackers, but if the encryption algorithm is good and it's encrypted/decrypted phone-side only, even if they get it it should in theory take them a decently long time to crack it.

(...)

But yeah, I really really hope they encrypt/decrypt it ONLY phoneside and nowhere else (and are upfront that you are sacrificing a layer of security when using cloud storage). If they fail to do so, then like you say, it is snake oil peddling.
Absolutely true (your's and impeham's points) - maybe I should be more precise about it. Of course, if you encrypt something on your device (using strong methods), and put it in *encrypted* form somewhere in the net, if should be safe - even if you use "compromised" services, like some google storage.

What concerns me, is "encrypted in the cloud" - it doesn't sound lice normal storage where you put encrypted files, but rather, like some thing that does encrypting on server-side.

But, maybe, I'm just making wrong assumptions here - they're so vague about it, that it may mean ~anything.

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following 2 Users Say Thank You to Estel For This Useful Post:
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#6
From the information available on their security environment I cannot see there's anything new really, pretty trivial stuff masked with a lot of buzzwords. Nothing new, nothing that I have not implemented myself or could not implement if I so decided, using open source tools.

Nothing there that convinces me they could not implement a nice backdoor for NSA themselves.[*]

And hey, ninjas for godssake, let's put there something now that will sure impress everybody, huh??

[*] There's this basic axiom that you should never trust any security framework that is not transparent to you, and I really mean that. What it boils down to is you have to implement it yourself for best results...
 

The Following 5 Users Say Thank You to juiceme For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#7
Yea, that ninja thing is silly. It have as much to encryption, as sofa to electric chair. Unless it actually electroduce user upon entering wrong lock code
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#8
Maybe we can haz a Jolla "other half" devoted to all things crypto-related? ;-P
 
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#9
Originally Posted by Estel View Post
Yea, that ninja thing is silly. It have as much to encryption, as sofa to electric chair. Unless it actually electroduce user upon entering wrong lock code
Actually, I think a ninja is quite appropriate. The main characteristic of a ninja is not karate or whatever cr@p Hollywood is selling, but leaving no trace. Many ninjas multiple identities, sometimes complete with two families that did not know about each other, all part of the plan to be able to disappear at a drop of a hat.

That does not make any of the points raised in this thread any less relevant, of course. Quite the opposite. Entrusting your sensitive data to the "secure" cloud? "Hey, NSA, pichlo has some sensitive data *here*!"
 

The Following 2 Users Say Thank You to pichlo For This Useful Post:
Posts: 1,680 | Thanked: 3,685 times | Joined on Jan 2011
#10
ROFL, secure cloud storage.
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.
 

The Following 3 Users Say Thank You to vi_ For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 12:28.