On Mon, 17 Dec 2012 17:31:12 +0100, Marc <[email protected]> wrote:
> Another +1 for LastPass. You can read more about it at
> https://lastpass.com/enterprise_technology.php but LastPass doesn't know
> anything about your password/passwords. It just stores your encrypted
> password vault. For example, if you forget your LastPass master password,
> then you are out of luck, they can't possibly recover it for you. All
> decryption happens locally.

Marc, the problem is that this is what LastPass declares to do. Did you
see the code? What guarantees you that in a couple of years LastPass will
silently change the approach? What about bugs, that is, the involuntary
leak of information? What about details: is LastPass careful in wiping
temporarily unencrypted passwords in memory as soon as they are no longer
needed? Yesterday I read of an Android bug in a Samsung implementation that
would allow some crafted apps to bypass the memory sandbox and access
the memory of other apps.

Bruce Schneier said more than ten years ago that in his view open source
was not just a business model, but the only way to properly engineer a
security system.
--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - [email protected]