On Sun, Nov 6, 2011 at 12:16 PM, Christopher Menzel <cmen...@tamu.edu> wrote: > On Nov 6, 2011, at 9:38 AM, Liviu Andronic wrote: >> ... >> In the SpiderOak case, they don't know your password (unless, temporarily, >> you log onto their website), > > Spideroak (and any other such service) uses the https protocol, which > encrypts all data transfers, and surely only (one-way) encrypted passwords > are stored on their servers. Logging in to their website won't reveal your > password. > After you log onto their website, to decrypt your data on the server side the SpiderOak website needs to use your password. See [1]. When you access your data from the desktop app, the data is shipped encrypted from the server and gets decrypted on the client side---thus, according to their stated policy, unless you use their web interface SpiderOak never learns your password. All the encrypting/decrypting process happens on your computer.
Liviu [1] https://spideroak.com/engineering_matters#instant_access
