1 |
On Tue, 17 Jan 2012 05:29:23 -0600, Dale wrote: |
2 |
|
3 |
> >> None of the passwords were lost tho. |
4 |
> > This time. |
5 |
> |
6 |
> And maybe not the next time either, or the next time, or the next |
7 |
> time. Point is, can you state for a fact that no site will ever be |
8 |
> broke into, ever? |
9 |
|
10 |
No, which is why I prefer not to entrust them with sensitive data. |
11 |
|
12 |
> >> Keep in mind, they are encrypted locally, then sent to |
13 |
> >> them. They can't see the passwords either. |
14 |
> > How is it encrypted? If the encryption system is not open source, it |
15 |
> > is not trustworthy. |
16 |
> |
17 |
> The guy that owns it posted on this list a good while back. This was |
18 |
> before the hack job. According to the things I have read, it has been |
19 |
> improved even more than it was. I agree open source can be good but |
20 |
> that doesn't mean closed can't be since we don't know what it does. If |
21 |
> we don't know, neither does the hackers. |
22 |
|
23 |
See Florian's answer. Open sourcing the encryption method means that |
24 |
there can be no back doors and the many eyeballs principle applies to |
25 |
inadvertent security holes. Closed source means you have to have complete |
26 |
trust, blind faith even, in the developers to be 100% honest and 100% |
27 |
fault free. |
28 |
|
29 |
A friend of mine who codes for financial institutions and is an |
30 |
encryption uber-geek once told me the principal they use is "keep the |
31 |
algorithm open and the keys secret". |
32 |
|
33 |
> > I wouldn't store my banking passwords anywhere online, in fact I |
34 |
> > cannot access my bank account with password alone. I also need my |
35 |
> > debit card, PIN and the card reader they supply. This generates |
36 |
> > one-time password using my card's details and no online component. I |
37 |
> > realise that card security is not the greatest, but if they've got my |
38 |
> > card and PIN, I'm screwed anyway. |
39 |
|
40 |
> Well, if I understand what you call a dropbox, that is online. I have |
41 |
> never used it so I have no idea. |
42 |
|
43 |
I don't store my bank details on Dropbox. |
44 |
|
45 |
> My bank doesn't have all that. Honestly, until it is absolutely |
46 |
> needed, I wouldn't want to go through all that just to see if I have |
47 |
> enough money to buy milk. :/ |
48 |
|
49 |
I was sceptical when it first arrived, but it's really easy to use and |
50 |
no password needed since the card reader generates it for you. It looks |
51 |
like a small calculator with a card slot, so easy enough to carry around |
52 |
for remote access. |
53 |
|
54 |
|
55 |
-- |
56 |
Neil Bothwick |
57 |
|
58 |
Don't forget that MS-Windows is just a temporary workaround until you can |
59 |
switch to a GNU system. |