The impact is a different one though. In that scenario pointed by Hanno somebody needs to have access to the storage which already requires some kind of previous gained access. What could be done by an attacker then is to infect EXE files or so.
In the case of Seafile one could simply change passwords of any user etc.
But yes, crypto is hard and I agree that the way we did it at ownCloud is far away from the best way. :-)
In the case of Seafile one could simply change passwords of any user etc.
But yes, crypto is hard and I agree that the way we did it at ownCloud is far away from the best way. :-)