secring and dropbox

jiangzuoyan at gmail.com jiangzuoyan at gmail.com
Wed Jul 20 03:42:19 CEST 2011


I thinks it's a bad idea.

If exposure of private keys is acceptable, why not just using AES like
methods?

To backup private keys, I think printer is better, and more realiable than
dropbox like cloud storages. The security of dropbox is far from claimed,
don't trust them. see
http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/
 and http://blog.dropbox.com/?p=821,
http://hardware.slashdot.org/story/11/05/15/2157202/Dropbox-Accused-of-Lying-About-Security


                                                      Changsheng Jiang


On Wed, Jul 20, 2011 at 09:28, Aaron Toponce <aaron.toponce at gmail.com>wrote:

> On Tue, Jul 19, 2011 at 04:16:17PM -0400, Len Cooley wrote:
> > Is it a bad idea to place your secring in dropbox?
>
> I guess it's all about security versus convenience. So long as your
> passphrase contains enough entropy, is strong, and secure, then I don't see
> the big deal.
>
> With that said, I don't see the need either. You have the tools and
> hardware available to you, at very cheap prices, to build your own cloud
> storage on your own private network. We've had this for years. So why trust
> some 3rd party to do it for you? Why risk, even a miniscule amount of
> privacy when you don't have to?
>
> Just my $0.02.
>
> --
> . o .   o . o   . . o   o . .   . o .
> . . o   . o o   o . o   . o o   . . o
> o o o   . o .   . o o   o o .   o o o
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110720/35be3552/attachment-0001.htm>


More information about the Gnupg-users mailing list