Does anyone have any thoughts on this/these companies/products? I was searching for a cloud-based backup solution when I came across SpiderOak, and their site has links to Crypton and Encryptr, which are presumably loosely affiliated projects. Reading the information on the SpiderOak site makes it sound ideal for secure backups from a privacy/security standpoint ("control your keys").
In practice, though, I try to be leery of "too good to be true" and I'm well aware that convenience is typically a trade-off against good security. That having been said, I've started a trial on SpiderOak, and it's so easy it seems to me like maybe it should be raising those two red flags. To elaborate, I believe the following security opinions are sound:
- not storing keys on the server is great
- having a separate key for each file can certainly potentially provide benefits (even beyond the ones that lead them to that model)
However, having PGP and TrueCrypt experience, I have a rudimentary knowledge of secure cryptography, and that knowledge makes me concerned that SpiderOak might have to use much weaker encryption than these at the very least. The reason for my concern is that I can't wrap my mind around the idea that a single username/password combination (which presumably typically won't be especially strong) can generate the same practically unlimited set of keys from multiple computers. The site isn't especially technical, so I don't know how they are accomplishing this, and there may be a good way to do it (regardless of whether or not they are using said good way).
That having been said, while I am trying SpiderOak for some files I need to keep backed up, and I could see Encryptr potentially being a great alternative to KeePass depending on its feature set, I'm a lot more leery of trying Encryptr.
So, is anyone familiar with the code and/or functionality of the services/applications named in the title of this post? If so, do you have any information or opinions, positive or negative?