On 28 Nov 2009, at 22:03, Dale wrote:
...
And to think I came here to ask others opinion BEFORE doing this. I
was curious as to how this could work myself and if they can be
trusted, or SHOULD be trusted. Seems everyone thinks no one should.
Everyone's yakking it up because it makes them look clever.
There's no reason encrypted data can't be stored on the server, then
decrypted client-side in the web-browser or by using Java (or possibly
even Javascript).
That's not saying it IS secure, just that such an infrastructure
should be possible, as much as we consider things like ssh, https &c
to be "secure".
The "Why LastPass is safe" page <https://lastpass.com/safety.php> is
indeed bullet-points for idiots, and if that was the only information
available on the site then I, too, might be more suspicious. If you
look at the "Technology" summary on the site it looks far more
reasonable: <https://lastpass.com/technology.php>. Perhaps some other
commenters should have read this before posting?
Would I trust LastPass with child porn or incriminating information
regarding my plans to overthrow the government?
No, I really think not.
Would I trust it with my bank details and my Slashdot password?
Why not? Those really aren't valuable enough to be worth hacking and
SSL, AES & RSA ought to be plenty enough to secure them.
Stroller.
