Ubuntu One needs cloud encryption like LastPass does it

Dale Amon amon at vnl.com
Thu Apr 5 23:25:47 UTC 2012

On Thu, Apr 05, 2012 at 06:42:23PM -0400, Sam Smith wrote:
> The point is that SpiderOak (and Lastpass) never know the user's password. And never receive the encryption key. The key never leaves the user's computer. The server never gets it. The only thing that ever lands on the server is an encrypted blob. 
> What this means is that the user doesn't have to worry about the 3rd party taking care of the data. If the 3rd party is hacked, if the 3rd party has a rogue employee, etc. The data has a much better chance of being safe than if it's implemented like say iCloud where even if the data is encrypted Apple holds the encryption key and can access the data anytime they want. If Apple can access the data, a rogue employee and a hacker can potentially access the data.

Are SpiderOak and LastPass FOSS?

More information about the Ubuntu-devel-discuss mailing list