1 |
On Sat, 28 Nov 2009 00:57:54 +0200 |
2 |
Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
3 |
|
4 |
[about LastPass] |
5 |
> What I find incredible is that people will accept the site's say-so |
6 |
> that the site admins can't read the data. They have not proven |
7 |
> anything, merely asserted something. |
8 |
> |
9 |
> The only way to do give that guarantee is to encrypt the data. Which |
10 |
> then needs a key. Someone must keep the key and it's either you or |
11 |
> them. If it's them, they can decrypt the data (same reason as DRM is |
12 |
> doomed to failure) and if it's you - well if you lose the key you |
13 |
> lose the data. |
14 |
> |
15 |
> Are you telling me that there are people gullible enough to actaully |
16 |
> fall for that one? |
17 |
|
18 |
They claim that the decrypted data never leaves your computer and they |
19 |
they don't have a key to it. Many, many things aren't clear, such as |
20 |
what kind of encryption is used (same as the US gov't uses for "Top |
21 |
Secret" stuff, they say, heh), where and how the key is stored on your |
22 |
machine, on and on. I wouldn't dream of using them, but yeah, they have |
23 |
a substantial number of users. |
24 |
|
25 |
-- |
26 |
»Q« |
27 |
Kleeneness is next to Gödelness. |