I use "SpiderOak" because it offers client-side encryption. It provides the security & privacy I seek.
I'd prefer to use Ubuntu One, but until it supports client-side AES 256-bit encryption & additionally encrypts the decryption key itself (like SpiderOak does) I won't even consider it. From: jtodd...@hotmail.com To: m...@funkyhat.org; ubuntu-devel-discuss@lists.ubuntu.com Subject: RE: Ubuntu One needs cloud encryption like LastPass does it Date: Sat, 24 Mar 2012 08:57:19 -0400 Even assuming this is true, why is it still not a good idea for Ubuntu One to implement the same encryption setup of the user having the only key. > From: m...@funkyhat.org > Date: Sat, 24 Mar 2012 02:00:20 +0000 > Subject: Re: Ubuntu One needs cloud encryption like LastPass does it > To: jtodd...@hotmail.com > CC: jor...@envygeeks.com; ubuntu-devel-discuss@lists.ubuntu.com > > On 23 March 2012 23:36, Jason Todd <jtodd...@hotmail.com> wrote: > > Guys, please read these (or listen to the podcasts): > > http://www.grc.com/sn/sn-256.htm > > http://www.grc.com/sn/sn-257.htm > > > > Things being said seem to conflict with what I learned from this episode of > > security now on how lastpass works. Essentially: LastPass is very secure and > > no one can access the data except the user. > > LastPass may be secure today, but it is trivially easy for LastPass > (or a hypothetical attacker who gains access to LastPass's > infrastructure) to compromise that security simply by replacing the > javascript code which does the client side encryption and decryption > with some code that also passes the encryption key back up to the > server (or wherever). > > -- > Matt Wheeler > m...@funkyhat.org -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
