I am certainly impressed by the way that Tresorit seems to be handling security and also the openness of their company about methods they use and reject.
Their recent blog post shows that they are really trying to excel in the online backup industry by pushing current protocols beyond the standard ‘accepted’ limits.
When we designed Tresorit, we were faced with two contrary options: using widespread, well-tested, standardized, industry standard protocols and creating (or implementing) new, stronger protocols. We decided to combine the best of these approaches: we use the strongest standard one, and extend it with our protocol on a way that if our protocol fails, it fallback to the standard one.
I worked for many years in the computer security and penetration testing arena and most encryption methods I previously struggled to get past are now easily cracked by anyone with a laptop, some free software and some common sense. Times move on and you can’t presume something is safe because there are no current published exploits for it.
Tresorit is a relatively new but forward-thinking company that seem to have got their security levels right rather than waiting on the day they are compromised to address this. Keep up the good work Tresorit and keep pushing the boundaries of encryption.