[liberationtech] Is spideroak really zero-knowledge?
Patrick Mylund Nielsen
cryptography at patrickmylund.com
Mon Aug 12 22:38:44 PDT 2013
On Tue, Aug 13, 2013 at 1:35 AM, Percy Alpha <percyalpha at gmail.com> wrote:
> @Tom, "For this amount of time your password is stored in encrypted
> memory" but to actually use the key, the key has to be in plain-text form
> for sometime, during which it can be (forced to )intercepted.
>
> If they can force Lavabit to intercept users' emails, why can't they ask
> spideroak to secretly intercept users' moible app login?
>
They (or somebody else) can. So don't use mobile login.
Curious why the regular client logic can't run on mobile. Too intensive to
decrypt metadata maybe?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130813/13d65f35/attachment.html>
More information about the liberationtech
mailing list