On Tue, 17 Jan 2012 05:29:23 -0600, Dale wrote:

> >> None of the passwords were lost tho.
> > This time.
> 
> And maybe not the next time either, or the next time, or the next
> time. Point is, can you state for a fact that no site will ever be
> broken into, ever?

No, which is why I prefer not to entrust them with sensitive data.

> >> Keep in mind, they are encrypted locally, then sent to
> >> them. They can't see the passwords either.
> > How is it encrypted? If the encryption system is not open source, it
> > is not trustworthy.
> 
> The guy that owns it posted on this list a good while back.  This was 
> before the hack job.  According to the things I have read, it has been 
> improved even more than it was.  I agree open source can be good but 
> that doesn't mean closed can't be since we don't know what it does.  If 
> we don't know, neither do the hackers.

See Florian's answer. Open sourcing the encryption method means that
there can be no back doors and the many eyeballs principle applies to
inadvertent security holes. Closed source means you have to have complete
trust, blind faith even, in the developers to be 100% honest and 100%
fault free.

A friend of mine who codes for financial institutions and is an
encryption uber-geek once told me the principle they use is "keep the
algorithm open and the keys secret".

> > I wouldn't store my banking passwords anywhere online, in fact I
> > cannot access my bank account with password alone. I also need my
> > debit card, PIN and the card reader they supply. This generates
> > a one-time password using my card's details and no online component. I
> > realise that card security is not the greatest, but if they've got my
> > card and PIN, I'm screwed anyway.

> Well, if I understand what you call a dropbox, that is online.  I have 
> never used it so I have no idea.

I don't store my bank details on Dropbox.

> My bank doesn't have all that.  Honestly, until it is absolutely
> needed, I wouldn't want to go through all that just to see if I have
> enough money to buy milk.  :/

I was sceptical when it first arrived, but it's really easy to use and
no password needed since the card reader generates it for you. It looks
like a small calculator with a card slot, so easy enough to carry around
for remote access.


-- 
Neil Bothwick

Don't forget that MS-Windows is just a temporary workaround until you can
switch to a GNU system.
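
Added example, not part of the original message: a sketch of "keep the algorithm open and the keys secret" applied to offline one-time passwords. The thread does not say which algorithm the bank's card reader uses, so this assumes the public HOTP standard (RFC 4226) as a stand-in; `Verifier`, its look-ahead window and `DEMO_KEY` (the RFC's published test key) are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP. The algorithm is fully public; only `key` is secret."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server-side check: each code is accepted at most once.

    The device and the server share only the key and a counter, so the
    device needs no network connection to produce a code.
    """

    def __init__(self, key: bytes, window: int = 3):
        self.key = key
        self.counter = 0      # next counter value the server expects
        self.window = window  # tolerate a few codes generated but never used

    def verify(self, candidate: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.key, c), candidate):
                self.counter = c + 1  # burn this code and all earlier ones
                return True
        return False


# Constructed sample: the RFC 4226 Appendix D test key, not a real secret.
DEMO_KEY = b"12345678901234567890"

if __name__ == "__main__":
    server = Verifier(DEMO_KEY)
    code = hotp(DEMO_KEY, 0)
    print("code:", code)
    print("first use accepted:", server.verify(code))
    print("replay accepted:", server.verify(code))
```

Anyone can audit this code against the RFC's published test vectors, yet knowing it gives no help in predicting the next code without the key.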
