Ubuntu One needs cloud encryption like LastPass does it

Matt Wheeler m at funkyhat.org
Sat Mar 24 02:00:20 UTC 2012

On 23 March 2012 23:36, Jason Todd <jtodd929 at hotmail.com> wrote:
> Guys, please read these (or listen to the podcasts):
> http://www.grc.com/sn/sn-256.htm
> http://www.grc.com/sn/sn-257.htm
> Things being said seem to conflict with what I learned from this episode of
> security now on how lastpass works. Essentially: LastPass is very secure and
> no one can access the data except the user.

LastPass may be secure today, but it is trivially easy for LastPass
(or a hypothetical attacker who gains access to LastPass's
infrastructure) to compromise that security simply by replacing the
javascript code which does the client side encryption and decryption
with some code that also passes the encryption key back up to the
server (or wherever).

Matt Wheeler
m at funkyHat.org

More information about the Ubuntu-devel-discuss mailing list