Re: [gentoo-user] Re: [OT] Seamonkey and LastPass

Sat, 28 Nov 2009 14:04:22 -0800 

chrome://messenger/locale/messengercompose/composeMsgs.properties:

On Saturday 28 November 2009 05:50:42 »Q« wrote:

On Sat, 28 Nov 2009 00:57:54 +0200
Alan McKinnon<alan.mckin...@gmail.com>  wrote:

[about LastPass]


What I find incredible is that people will accept the site's say-so
that the site admins can't read the data. They have not proven
anything, merely asserted something.

The only way to do give that guarantee is to encrypt the data. Which
then needs a key. Someone must keep the key and it's either you or
them. If it's them, they can decrypt the data (same reason as DRM is
doomed to failure) and if it's you - well if you lose the key you
lose the data.

Are you telling me that there are people gullible enough to actaully
fall for that one?

They claim that the decrypted data never leaves your computer and they
they don't have a key to it.  Many, many things aren't clear, such as
what kind of encryption is used (same as the US gov't uses for "Top
Secret" stuff, they say, heh), where and how the key is stored on your
machine, on and on. I wouldn't dream of using them, but yeah, they have
a substantial number of users.

I have an alarm system in my head. It's called the "Security by bullshit
baffles brains Alert". It's ringing right now ;-)

Mind you, I have vendors who use exactly the same throw-around-bullshit-
statements-and-see-what-sticks approach. It works on the Account Managers all
the time, and works on us techies none of them time.

Lucky for us, techies rule around here. We get to tell the Account Managers
that the vendor is talking crap, that we don't have to explain why, that we
are not buying their crap and we are not using it, so please tell the vendor
to leave the building and stop wasting my time :-)
And to think I came here to ask others opinion BEFORE doing this. I was curious as to how this could work myself and if they can be trusted, or SHOULD be trusted. Seems everyone thinks no one should.
That said, because of the way my bank and credit card site accepts the login and password, I bet it wouldn't work for them anyway. If I wanted a really long password that would be hard to guess, those two would be it. 

Dale

:-)  :-)

Reply via email to