[liberationtech] Is spideroak really zero-knowledge?
Tony Arcieri
bascule at gmail.com
Tue Aug 13 00:32:43 PDT 2013
On Mon, Aug 12, 2013 at 11:02 PM, Percy Alpha <percyalpha at gmail.com> wrote:
> @Tony,
> "The secret that keeps your data accessible to you alone is your SpiderOak
> password, which is never transmitted to SpiderOak in its original form."
> https://spideroak.com/engineering_matters
>
Again, they seem to be talking about client-side encryption here. A
zero-knowledge proof around a password looks a bit more like this:
https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol#Protocol
Short of implementing something like SRP they don't have a true "zero
knowledge" system IMO
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130813/b3c8dce8/attachment.html>
More information about the liberationtech
mailing list