On Sat, 10 Oct 2015, Edward Ned Harvey (lopser) wrote:
> From: David Lang [mailto:da...@lang.hm]
>> The thing you seem to be missing is that in most cases, bad actor insiders can
>> do so much damage to you that getting your password is probably the least
>> dangerous thing that can happen to you.
>
> I am advocating authentication without exposure of passwords or other secrets.
> I am advocating client-side encryption using keys that are not exposed to
> servers.
> I am advocating defense of your legal right to privacy - Most people think of
> at least their password being private (some think their data should be private
> too), but from a legal standpoint, this is highly questionable, if you
> voluntarily sent your password to the server.
> Under those conditions, the worst a bad actor can do is delete your encrypted
> data and/or deny service. I acknowledge that if encryption keys are derived
> from low-entropy secrets, the damage could be more than just deletion or
> denial of service, but even if your password was 123456, you have an improved
> position WRT your legal right to privacy, if you didn't voluntarily expose
> that pathetic password.

um, no. If the server is making use of your data (like using it to provide you a
service, basically anything more than passively storing data for you ala
dropbox) they can do a lot more bad things to you than to delete your data.
Think about your bank, not dropbox.
David Lang
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/