> From: David Lang [mailto:da...@lang.hm]
>
> um, no. If the server is making use of your data (like using it to provide
> you a service, basically anything more than passively storing data for you
> ala dropbox) they can do a lot more bad things to you than to delete your data.
>
> Think about your bank, not dropbox.
I think we're agreed that even if the server actively processes your data for you, there's no advantage to authentication with password exposure. It would be better to instead use a zero knowledge proof of password. And I think we're also agreed that client-side encryption is not always possible, because the server needs to actually process your data in order to serve you. (At least, not until homomorphic encryption matures a bit more). But some really big uses of the Internet are communications - email, txt messages, IM, file sharing, voice communications, video chat, etc. For these, the server itself and the admins working on the server don't need access, so client-side encryption is desirable.