I'm not clear on what "host_id" actually *is*. Muffett's comments[1][2] make it sound like Is it the private key for an asymmetric cipher. If so, then yes, getting it stolen would of course compromise your Dropbox storage. That's how practically every modern cryptosystem works.
However, the original link[3] gives me the impression "host_id" is not intended to be a cryptographic secret. It sounds more like it's just some kind of machine serial number or GUID, and it may appear in (semi-)public URLs and the like. If all you need to access nominally private Dropbox storage is that ID number, then that's not good at all. It would be more like authenticating clients solely on their login username. [1] http://blogs.computerworlduk.com/unscrewing-security/2011/04/practical-dropbox-security-advice/index.htm [2] Thanks, ASB. [3] http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
