On Wed, Apr 13, 2011 at 2:01 PM, Richard Pieri <richard.pi...@gmail.com> wrote: >> If you use a private data password, we escrow the locked key for you in case >> computer is lost or stolen; however we cannot use it as only you (the >> customer) know the secret (private data password) to unlock it. > > I see just enough leeway in that statement to let Code 42 have a master > password that unlocks all keys. Yes, I'm being paranoid, because allegedly > secure providers have handed over data to law enforcement without batting an > eye.
I'm not sure if you're being deliberately obtuse, or if you're honestly not understanding my point. If I upload encrypted data, and I do not give out the encryption key, then no "master encryption key" is going to let anyone into that data. If there is some way to break AES-256 or RSA, that's a separate issue. What you're talking about is having Code 42 storing your secret key. That's a bad idea, for the reason you said. No one should do that. Gordon _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
