On Wed, 2011-08-03 at 14:02 -0400, Ian Stokes-Rees wrote: > > > On 8/3/11 1:46 PM, Stephen Gallagher wrote: > > Well, there exist central storage approaches that don't allow even > > the local admin access to the data. The trade-off of course is that > > they can't reinstate your access if you forget the password. In > > other words, you can set a password that is used as a symmetric key > > for encrypting your data in the central store. It's still central > > and can be retrieved from anywhere, but only you know how to read > > it. > > You still seem to be missing the relevance of unscrupulous > administrators and compromised systems to "man in the middle" any > interactions you have with this system. Unless you never access the > data yourself once the unscrupulous admin or attacker has gained > access, then such a person can pretty easily intercept your password > and get at your data. > > Ian No, the way that such a system would work is that the password would never be passed to the central server. Only the encrypted data would be sent and received. All decryption would happen locally. The most a man-in-the-middle attack could accomplish would be damaging the file so it couldn't be decrypted anymore. That could accomplish a denial-of-service, but not grant the attacker privileges to use your keys.
Description: This is a digitally signed message part