Security Analysis of Chain-FS service

We examine the security of a cloud storage service that makes very strong claims about the ``trustless'' nature of its security. We find that, although stored files are end-to-end encrypted, the encryption method allows for effective dictionary attacks by a malicious server when passwords only just meet the minimum length required. Furthermore, the file sharing function simply sends the decryption passwords to the server with no protection other than TLS.