Just FYI, you are going to run into the problem of key portability. If the key is derived from a password, your encrypted copy of the user's data (which might be subject to subpoena?) could be easily cracked via offline dictionary attacks. I hope you at least plan to use a salt, many iterations of a good derivation function, etc. IMHO, users would be better off if you just t-of-n secret shared their storage across multiple hosts in different countries instead, but I can see why thats a challenge.
Shabsi On Mon, Mar 21, 2011 at 5:22 AM, Boris Zbarsky <[email protected]> wrote: > On 3/21/11 4:40 AM, Erik Corry wrote: > >> You want to protect the user from a compromise of Mozillas servers, >> > > We also want to protect the user from a subpoena served to Mozilla, for > example. This means we must never have the data on our side, and this means > the encryption needs to happen on the client, period. This is not > negotiable for proper functioning of the feature in question. > > -Boris > > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss >
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
