On Sat, 28 Nov 2009 00:57:54 +0200
Alan McKinnon <[email protected]> wrote:
[about LastPass]
> What I find incredible is that people will accept the site's say-so
> that the site admins can't read the data. They have not proven
> anything, merely asserted something.
>
> The only way to do give that guarantee is to encrypt the data. Which
> then needs a key. Someone must keep the key and it's either you or
> them. If it's them, they can decrypt the data (same reason as DRM is
> doomed to failure) and if it's you - well if you lose the key you
> lose the data.
>
> Are you telling me that there are people gullible enough to actaully
> fall for that one?
They claim that the decrypted data never leaves your computer and they
they don't have a key to it. Many, many things aren't clear, such as
what kind of encryption is used (same as the US gov't uses for "Top
Secret" stuff, they say, heh), where and how the key is stored on your
machine, on and on. I wouldn't dream of using them, but yeah, they have
a substantial number of users.
--
»Q«
Kleeneness is next to Gödelness.
