Bear Bottoms Lectures On Encryption !!!
in [Cryptography]
|
Prev: Using a kind of running accumulation of ciphertext as chaining valueof encryption
Next: Active sboxes
From: Tiger Would on 6 Mar 2010 08:57 On Fri, 5 Mar 2010 20:56:22 -0500, Tiger Would wrote: > On Sat, 06 Mar 2010 01:48:30 GMT, Bear Bottoms wrote: > >> Test User <testing123(a)none.invalid> wrote in >> news:hms8ap$6tq$1(a)news.eternal-september.org: >> >>> On Fri, 05 Mar 2010 23:35:09 +0000, Bear Bottoms wrote: >>> >>>> It has been proven that LastPass is at the least as secure...and >>>> argumentatively more so. >>> >>> Made up flummery. You're trusting data to a third party. Period. >>> Breaking one of the very basic tenets of keeping data secure. That's >>> really the end of the discussion as far as LastPass goes, except that >>> you've now further discredited the software by relating how it allows >>> unfettered in_the_clear access to your private data from any machine >>> at all. Trusted or otherwise. >>> >>> No, The LastPass paradigm is inherently and demonstrably flawed. There >>> certainly exist some situations where key escrow is a necessary evil, >>> such as certain employer/employee relationships, but LastPass has >>> absolutely no such standing. They have no ownership or interest in >>> your data, and should therefore be hands off. >> >> This is absolutely proven to be flawed thinking. >>> >>>> Investigate it yourself...rather than just >>>> throw out false statements. >>> >>> Disagreeing with your superficial, misinformed, laypersons assessment >>> of a password manager doesn't make anything I type a falsehood, no >>> matter how much you'd like to believe otherwise. >> >> That is why I said investigate it yourself...see what the experts >> say...they debunk your flawed thinking. >>> >>> I've been using, reviewing, selling/installing, assisting in the >>> development of both as a beta tester and code writer, and even >>> teaching others how to use this type of software for quite possibly >>> longer than you've been alive, and for sure longer than you've known >>> such things existed. Security, encryption, anti-malware..... it's my >>> "thing" and I have the College accreditation to back that up. >>> >>> I've extensively tested literally hundreds of password management >>> schemes, over a span of time measured in decades. I even wrote one >>> myself as an academic exercise. There's no need for me to look at >>> anything any more closely than reading the words you post here >>> yourself. LastPass isn't anything new. It's a quite old scam in fact, >>> telling unwitting users that their data is more secure in the hands of >>> strangers than it is in their own pocket. You're not, by a long shot, >>> the first person to be hoodwinked by that sort of confidence game. Nor >>> will you be the last. >> >> I'll give you the encrypted file...you crack it genius. We've been down >> that road before so I know you can't do it. >>> >>> In any case, my only hope here is that other readers consider >>> carefully whether they trust unknown third parties with their >>> passwords. Because in spite of all the hype about local encryption and >>> such, that's what you're doing in essence. And you should never, EVER >>> be entering sensitive things like passwords on an untrusted machine. >>> >> The link to KeeFox debunks your flawed thinking...read it. >> >>> I don't expect you to change your opinion, in fact we're all painfully >>> aware of your tendency toward chatting up bad software just out of >>> spite when someone points out your mistakes. That's your signature >>> move. So go ahead and have whatever last words you think might redeem >>> you in your own eyes, because having now explained WHY you are once >>> again off the mark with a piece of security software so that at least >>> some others might not be misled by you, my job here is accomplished. >>> And I have neither the time nor the inclination to engage you in any >>> of your other juvenile antics. >>> >>> Good day. >>> >> It is not an opinion. It is a result of researching the subject >> thoroughly. LastPass security methodology is absolutely safe. I'll repeat >> my challenge. I'll give you my encrypted cvs/xml file of all of my >> passwords and usernames. You crack it. You can't do it. Also, you can't >> get that file from my computer because it doesn't reside there. My >> computer is far less secure than the servers at LastPass. Isn't that >> where KeePass keeps it's encrypted data...on your less secure >> computer...the place hackers would look to get your information. > wow -- http://tr.im/1f9p |