Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
> From: discuss-bounces-mNDKBlG2WHs at public.gmane.org [mailto:discuss-bounces-mNDKBlG2WHs at public.gmane.org] On Behalf > Of Gordon Marx > > On Tue, Apr 12, 2011 at 11:03 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> > wrote: > > Take statements like that with a grain of salt. ?A provider could be unable to > recover your passwords but still have access to everything you have stored > there through a master encryption key. ?Look for the law enforcement > caveat in the service contract, or alternatively look for the "zero knowledge" > statement in those terms. > > Pardon my "ignorance", but what is a "master encryption key" going to > do? I upload an encrypted file to them, I keep the key to myself, > there's no way they can use anything to break it. You're not being ignorant. The master encryption key comment was misplaced, or irrelevant in context about crashplan. In concept, a master encryption key is: When you encrypt data, it's possible to make it decryptable using multiple keys. For example in FileVault (Mac OSX) the administrator can create a master password before giving the laptop to a user, and then the end user encrypts their data using a secret password. But if the user ever loses their password, then the administrator can still "rescue" the data using the master pass. Since the context of this conversation is crashplan: Crashplan explicitly states that if you elect to use your own password or key, it will be required before decrypting, and if you lose your key or password, the data will not be recoverable. While they did not say "We do not have a master key to access your data without your key or password" it is evident from their statements, that they do not have a master key. Now if someone wants to make an argument that crashplan is lying, that's another situation. Hopefully such an argument won't be made without first obtaining some factual basis.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |