On Wednesday 22 Jul 2015 01:32:10 Dale wrote:
> Mick wrote:
> > On Tuesday 21 Jul 2015 18:35:27 Dale wrote:
> >> From what I recall about Lastpass, it does encrypt the data locally then
> >> uploads it. I recall reading that if you lose your master password,
> >> they can't get in it either. All they get is encrypted data. Of all
> >> the things I read about when looking for a password manager, Lastpass
> >> was the only thing that came close to what I wanted. After using it a
> >> while, it is all I need.
> >>
> >> https://lastpass.com/how-it-works
> >
> > Right, your data may be encrypted locally, but if you use a browser to
> > decrypt it (after it is downloaded to your PC) then there are attack
> > vectors (e.g. XSS) for the decrypted data to be leaked out of your
> > machine.
>
> Well, couldn't the same be said if it is encrypted on a USB stick?
> Anytime you encrypt something, you have to decrypt it to use it and that
> has to be done somewhere.

Of course, but if it is done using an application whose main purpose is not to connect to the Internet (i.e. your browser) the real estate exposed to a potential attack reduces significantly.

> >> I've had USB sticks break before. They are also easy to lose. I'd
> >> prefer not to store something that important on a USB stick.
> >>
> >> Dale
> >>
> >> :-) :-)
> >
> > I didn't clarify that you should use something like gpg to encrypt your
> > file(s) on the USB stick, as I do this with all sensitive files not just
> > passwords. I more or less assumed that it is the done thing. Broken USB
> > sticks you can drive a drill through, or throw in a fire. Stolen USB
> > sticks will at least be encrypted.
> >
> > If you are really paranoid you could also use dm-crypt to additionally
> > encrypt the whole USB partition.
>
> My point is, if you put the info on a USB stick and lose it, you have
> now lost all your passwords. If it fails, same problem.

In either of these failure modes your solution is to forget about your first USB stick and go dig out your second USB stick.

> The way
> Lastpass works, even if your computer dies from say a house fire, once
> you login to Lastpass with your new puter, you are back in business.
>
> Dale

In the case of a house fire we are in a DR scenario. You head straight to your brother's place. You'll need a place to stay anyway, if your house burnt down, you might as well check that backup USB you left there. ;-)

-- 
Regards,
Mick

