| 1 |
On Sat, 28 Nov 2009 00:57:54 +0200 |
| 2 |
Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 3 |
|
| 4 |
[about LastPass] |
| 5 |
> What I find incredible is that people will accept the site's say-so |
| 6 |
> that the site admins can't read the data. They have not proven |
| 7 |
> anything, merely asserted something. |
| 8 |
> |
| 9 |
> The only way to do give that guarantee is to encrypt the data. Which |
| 10 |
> then needs a key. Someone must keep the key and it's either you or |
| 11 |
> them. If it's them, they can decrypt the data (same reason as DRM is |
| 12 |
> doomed to failure) and if it's you - well if you lose the key you |
| 13 |
> lose the data. |
| 14 |
> |
| 15 |
> Are you telling me that there are people gullible enough to actaully |
| 16 |
> fall for that one? |
| 17 |
|
| 18 |
They claim that the decrypted data never leaves your computer and they |
| 19 |
they don't have a key to it. Many, many things aren't clear, such as |
| 20 |
what kind of encryption is used (same as the US gov't uses for "Top |
| 21 |
Secret" stuff, they say, heh), where and how the key is stored on your |
| 22 |
machine, on and on. I wouldn't dream of using them, but yeah, they have |
| 23 |
a substantial number of users. |
| 24 |
|
| 25 |
-- |
| 26 |
»Q« |
| 27 |
Kleeneness is next to Gödelness. |
Archives