Pierluigi Paganini
December 10, 2015
While politicians and experts are debating around encryption, the End-to-end encrypted database ZeroDB becomes open source and its code is available on GitHub.
ZeroDB is an end-to-end encrypted database in which the storage server knows nothing about the data it is storing, as reported on the official website query logic is performed client-side against encrypted data on a remote server, in this way even if the storage server is hacked, an attacker will not be able to view the unencrypted data.
ZeroDB allows users to develop applications with strong security with specific care to the end-user privacy. ZeroDB is particularly suitable for applications that need to store encrypted information on untrusted servers such as a public cloud storage.
The database is based on Zope Object Database (ZODB), which is an object-oriented database for transparently and persistently storing Python objects, and written inPython.
“In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order,” it is explained in the documentation. “Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won’t have access to the cleartext data,” the developers pointed out.
The user data on the server is always encrypted, at rest, in transit, and even when used. The developers behind the ZeroDB project, MacLane Wilkison and Michael Egorov, changed the license from proprietary to AGPLv3 early this week.
“Now that it’s open source, we want your help to make it better. Try it, build awesome things with it, break it. Then tell us about it.” states the post the officially announces ZeroDB goes open source. “Today, we’re releasing a Python implementation. A JavaScript client will be following soon.”
The ZeroDB is recommended for companies in the financial services industry, healthcare industry, government agencies, media companies and telecoms.
The announcement related to ZeroDB comes a few days after the one of Hashcat, the popular password recovery tool that has been released as open source under the MIT license.
(Security Affairs – database, ZeroDB)
