I use "SpiderOak" because it offers client-side encryption. It provides the security & privacy I seek.
I'd prefer to use Ubuntu One, but until it supports client-side AES 256-bit encryption & additionally encrypts the decryption key itself (like SpiderOak does) I won't even consider it. From: [email protected] To: [email protected]; [email protected] Subject: RE: Ubuntu One needs cloud encryption like LastPass does it Date: Sat, 24 Mar 2012 08:57:19 -0400 Even assuming this is true, why is it still not a good idea for Ubuntu One to implement the same encryption setup of the user having the only key. > From: [email protected] > Date: Sat, 24 Mar 2012 02:00:20 +0000 > Subject: Re: Ubuntu One needs cloud encryption like LastPass does it > To: [email protected] > CC: [email protected]; [email protected] > > On 23 March 2012 23:36, Jason Todd <[email protected]> wrote: > > Guys, please read these (or listen to the podcasts): > > http://www.grc.com/sn/sn-256.htm > > http://www.grc.com/sn/sn-257.htm > > > > Things being said seem to conflict with what I learned from this episode of > > security now on how lastpass works. Essentially: LastPass is very secure and > > no one can access the data except the user. > > LastPass may be secure today, but it is trivially easy for LastPass > (or a hypothetical attacker who gains access to LastPass's > infrastructure) to compromise that security simply by replacing the > javascript code which does the client side encryption and decryption > with some code that also passes the encryption key back up to the > server (or wherever). > > -- > Matt Wheeler > [email protected] -- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
-- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
