Ubuntu One needs cloud encryption like LastPass does it
Jason Todd
jtodd929 at hotmail.com
Sat Mar 24 12:57:19 UTC 2012
Even assuming this is true, why is it still not a good idea for Ubuntu One to implement the same encryption setup of the user having the only key.
> From: m at funkyhat.org
> Date: Sat, 24 Mar 2012 02:00:20 +0000
> Subject: Re: Ubuntu One needs cloud encryption like LastPass does it
> To: jtodd929 at hotmail.com
> CC: jordon at envygeeks.com; ubuntu-devel-discuss at lists.ubuntu.com
>
> On 23 March 2012 23:36, Jason Todd <jtodd929 at hotmail.com> wrote:
> > Guys, please read these (or listen to the podcasts):
> > http://www.grc.com/sn/sn-256.htm
> > http://www.grc.com/sn/sn-257.htm
> >
> > Things being said seem to conflict with what I learned from this episode of
> > security now on how lastpass works. Essentially: LastPass is very secure and
> > no one can access the data except the user.
>
> LastPass may be secure today, but it is trivially easy for LastPass
> (or a hypothetical attacker who gains access to LastPass's
> infrastructure) to compromise that security simply by replacing the
> javascript code which does the client side encryption and decryption
> with some code that also passes the encryption key back up to the
> server (or wherever).
>
> --
> Matt Wheeler
> m at funkyHat.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20120324/c0eaf913/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list