At 9:33 AM -0500 12/23/2008, Tom Coradeschi wrote: > >And yet their FAQ also describes getting access to your data even >>after your computer has been destroyed. They even have you call >>Support to have them manually give you access... > >Correct. However, as I stated, if you lose or forget your decrypt key >(assuming that you don't use the default, which is the same as your >login password), you are totally out of luck. > >http://support.mozy.com/docs/en-user-home-mac/faq/concepts/commissue_lost_key_c.html
"Unfortunately, your data is inaccessible without the correct encryption key. Since you chose to use your own private key, we do not have access to your data [...] Remember to choose a private encryption key that you will not forget, or use Mozy⤁s own encryption key." Ok... So *by default* the data is encrypted with THEIR key. So it is only secure *IF* *every* one of their employees is to be trusted AND they don't screw up and release their private key. Likewise, if you chose your own key, it is still only secure IF they don't screw up and let your data be grabbed by someone willing to spend the computer power to brute force it. ...Don't fall into the "but brute force takes years" trap: it doesn't. If the data is worth having the cracker will do his homework to create a characterized attack, thus greatly reducing the possible key set. > >It may be that there is some magic secure way of doing all this, that >>they're just not talking about. But ... still, they're an unknown >>3rd party... > >A pretty well known 3rd party, actually. And, as noted, review the above FAQ. Well known if you follow the historica a bit, I guess. EMC begot Decho in November 2008, and took over Mozy. That puts two layers of abstraction between the customer liability and EMC (a publicly traded company). Mozy is based in Utah -- so BE CAREFUL as to the type of data you put there. hum. Their domain registration address doesn't match their business address. I don't see any bonding information posted for them - not necessarily a bad thing; some companies buy the bond but don't post its details public.) Sorry. My original opinion still stands: Trusting a 3rd party with your data is an unnecessary security risk. It is far less safe than a trusted friend/relative's sock drawer. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to Low End Mac's iMac List, a group for those using G3, G4, G5, and Intel Core iMacs as well as Apple eMacs. The list FAQ is at http://lowendmac.com/imac/list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/imaclist?hl=en Low End Mac RSS feed at feed://lowendmac.com/feed.xml -~----------~----~----~----~------~----~------~--~---
