SpiderOak Woes
Gordon Marx
gcmarx-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Apr 13 14:13:12 EDT 2011
On Wed, Apr 13, 2011 at 2:01 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> If you use a private data password, we escrow the locked key for you in case computer is lost or stolen; however we cannot use it as only you (the customer) know the secret (private data password) to unlock it.
>
> I see just enough leeway in that statement to let Code 42 have a master password that unlocks all keys. Yes, I'm being paranoid, because allegedly secure providers have handed over data to law enforcement without batting an eye.
I'm not sure if you're being deliberately obtuse, or if you're
honestly not understanding my point.
If I upload encrypted data, and I do not give out the encryption key,
then no "master encryption key" is going to let anyone into that data.
If there is some way to break AES-256 or RSA, that's a separate issue.
What you're talking about is having Code 42 storing your secret key.
That's a bad idea, for the reason you said. No one should do that.
Gordon
More information about the Discuss
mailing list