On Saturday 28 November 2009 05:50:42 »Q« wrote:
> On Sat, 28 Nov 2009 00:57:54 +0200
> Alan McKinnon <alan.mckin...@gmail.com> wrote:
> 
> [about LastPass]
> 
> > What I find incredible is that people will accept the site's say-so
> > that the site admins can't read the data. They have not proven
> > anything, merely asserted something.
> >
> > The only way to give that guarantee is to encrypt the data. Which
> > then needs a key. Someone must keep the key and it's either you or
> > them. If it's them, they can decrypt the data (same reason as DRM is
> > doomed to failure) and if it's you - well if you lose the key you
> > lose the data.
> >
> > Are you telling me that there are people gullible enough to actually
> > fall for that one?
> 
> They claim that the decrypted data never leaves your computer and they
> don't have a key to it.  Many, many things aren't clear, such as
> what kind of encryption is used (same as the US gov't uses for "Top
> Secret" stuff, they say, heh), where and how the key is stored on your
> machine, on and on. I wouldn't dream of using them, but yeah, they have
> a substantial number of users.

I have an alarm system in my head. It's called the "Security by bullshit 
baffles brains Alert". It's ringing right now ;-)

Mind you, I have vendors who use exactly the same throw-around-bullshit-
statements-and-see-what-sticks approach. It works on the Account Managers all 
the time, and works on us techies none of the time.

Lucky for us, techies rule around here. We get to tell the Account Managers 
that the vendor is talking crap, that we don't have to explain why, that we 
are not buying their crap and we are not using it, so please tell the vendor 
to leave the building and stop wasting my time :-)

-- 
alan dot mckinnon at gmail dot com
