Ubuntu One needs cloud encryption like LastPass does it

John McCabe-Dansted gmatht at gmail.com
Sun Apr 8 03:55:25 UTC 2012


> LastPass may be secure today, but it is trivially easy for LastPass
> (or a hypothetical attacker who gains access to LastPass's
> infrastructure) to compromise that security simply by replacing the
> javascript code which does the client side encryption and decryption
> with some code that also passes the encryption key back up to the
> server (or wherever).

Hmm, in principle Firefox could support native encryption, where you
add the key to Firefox directly before even visiting the website.
Being a bit careful about frames and/or javascript should give you a
secure solution. The major issue then is, if security matters to you,
why do you want to access these files from the web? Are you sitting
down on an untrusted computer and just blindy entering your encryption
key?

Still, adding support for securely encrypted files as a cross browser
standard seems like a fundamentally cool thing to do.

-- 
John C. McCabe-Dansted




More information about the Ubuntu-devel-discuss mailing list