| 1 |
On Tue, 17 Jan 2012 05:29:23 -0600, Dale wrote: |
| 2 |
|
| 3 |
> >> None of the passwords were lost tho. |
| 4 |
> > This time. |
| 5 |
> |
| 6 |
> And maybe not the next time either, or the next time, or the next |
| 7 |
> time. Point is, can you state for a fact that no site will ever be |
| 8 |
> broke into, ever? |
| 9 |
|
| 10 |
No, which is why I prefer not to entrust them with sensitive data. |
| 11 |
|
| 12 |
> >> Keep in mind, they are encrypted locally, then sent to |
| 13 |
> >> them. They can't see the passwords either. |
| 14 |
> > How is it encrypted? If the encryption system is not open source, it |
| 15 |
> > is not trustworthy. |
| 16 |
> |
| 17 |
> The guy that owns it posted on this list a good while back. This was |
| 18 |
> before the hack job. According to the things I have read, it has been |
| 19 |
> improved even more than it was. I agree open source can be good but |
| 20 |
> that doesn't mean closed can't be since we don't know what it does. If |
| 21 |
> we don't know, neither does the hackers. |
| 22 |
|
| 23 |
See Florian's answer. Open sourcing the encryption method means that |
| 24 |
there can be no back doors and the many eyeballs principle applies to |
| 25 |
inadvertent security holes. Closed source means you have to have complete |
| 26 |
trust, blind faith even, in the developers to be 100% honest and 100% |
| 27 |
fault free. |
| 28 |
|
| 29 |
A friend of mine who codes for financial institutions and is an |
| 30 |
encryption uber-geek once told me the principal they use is "keep the |
| 31 |
algorithm open and the keys secret". |
| 32 |
|
| 33 |
> > I wouldn't store my banking passwords anywhere online, in fact I |
| 34 |
> > cannot access my bank account with password alone. I also need my |
| 35 |
> > debit card, PIN and the card reader they supply. This generates |
| 36 |
> > one-time password using my card's details and no online component. I |
| 37 |
> > realise that card security is not the greatest, but if they've got my |
| 38 |
> > card and PIN, I'm screwed anyway. |
| 39 |
|
| 40 |
> Well, if I understand what you call a dropbox, that is online. I have |
| 41 |
> never used it so I have no idea. |
| 42 |
|
| 43 |
I don't store my bank details on Dropbox. |
| 44 |
|
| 45 |
> My bank doesn't have all that. Honestly, until it is absolutely |
| 46 |
> needed, I wouldn't want to go through all that just to see if I have |
| 47 |
> enough money to buy milk. :/ |
| 48 |
|
| 49 |
I was sceptical when it first arrived, but it's really easy to use and |
| 50 |
no password needed since the card reader generates it for you. It looks |
| 51 |
like a small calculator with a card slot, so easy enough to carry around |
| 52 |
for remote access. |
| 53 |
|
| 54 |
|
| 55 |
-- |
| 56 |
Neil Bothwick |
| 57 |
|
| 58 |
Don't forget that MS-Windows is just a temporary workaround until you can |
| 59 |
switch to a GNU system. |
Archives