Ubuntu One needs cloud encryption like LastPass does it

Sam Smith smickson at hotmail.com
Wed Apr 4 23:55:09 UTC 2012

I use "SpiderOak" because it offers client-side encryption. It provides the security & privacy I seek.

I'd prefer to use Ubuntu One, but until it supports client-side AES 256-bit encryption & additionally encrypts the decryption key itself (like SpiderOak does) I won't even consider it.

From: jtodd929 at hotmail.com
To: m at funkyhat.org; ubuntu-devel-discuss at lists.ubuntu.com
Subject: RE: Ubuntu One needs cloud encryption like LastPass does it
Date: Sat, 24 Mar 2012 08:57:19 -0400

Even assuming this is true, why is it still not a good idea for Ubuntu One to implement the same encryption setup of the user having the only key.

> From: m at funkyhat.org
> Date: Sat, 24 Mar 2012 02:00:20 +0000
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
> To: jtodd929 at hotmail.com
> CC: jordon at envygeeks.com; ubuntu-devel-discuss at lists.ubuntu.com
> On 23 March 2012 23:36, Jason Todd <jtodd929 at hotmail.com> wrote:
> > Guys, please read these (or listen to the podcasts):
> > http://www.grc.com/sn/sn-256.htm
> > http://www.grc.com/sn/sn-257.htm
> >
> > Things being said seem to conflict with what I learned from this episode of
> > security now on how lastpass works. Essentially: LastPass is very secure and
> > no one can access the data except the user.
> LastPass may be secure today, but it is trivially easy for LastPass
> (or a hypothetical attacker who gains access to LastPass's
> infrastructure) to compromise that security simply by replacing the
> javascript code which does the client side encryption and decryption
> with some code that also passes the encryption key back up to the
> server (or wherever).
> -- 
> Matt Wheeler
> m at funkyHat.org

Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20120404/d3980adf/attachment.html>

More information about the Ubuntu-devel-discuss mailing list