Ubuntu Forums - FYI

Sajan Parikh sajan at noppix.com
Wed Jul 24 10:02:01 UTC 2013


On 07/24/2013 04:42 AM, Patrick Asselman wrote:
> The problem remains that they are an American company, bound by American
> law. The infamous Patriot Act can force companies to deliver data to the
> government unencrypted (this may be accompanied with a "gag order",
> preventing them from saying anything about this).
>
> This *may* mean that they have a backdoor in their software (javascript
> or plugin) so that they can comply with this law. If that is the case,
> the security is only as good as the security of that back door. (Even if
> they were not American, you would have to trust that there is no
> backdoor or flaw in their software.)

Patrick, I genuinely don't mean to be rude.  However, this is the 
ignorant, tinfoil hat response I was referring to.

If you are theorizing that AES has any sort of 'backdoor' so that the 
secret Government bad guys with their black helicopters can knock on 
LastPass's door and gain access to your Twitter account...that's the most 
ridiculous thing I've heard and am counting you as a troll at this point.

AES is an encryption standard used by just about everyone.  If there was 
an easy way to crack it, let me know because it would mean that many 
things are just plain broken.

I will say that it'd be much easier for me to break into your house and 
find this notebook of yours than break a worldwide used encryption 
system, each user having their own key.

ref: https://lastpass.com/whylastpass_technology.php?fromwebsite=1

LastPass uses AES with your master password as the key.  So as long as 
your master password (last pass, get it?) is secure, you're completely 
safe for the foreseeable future.

I'm honestly surprised you 'trust' enough people on the planet to even 
participate in a mailing list.

You scaring people away from LastPass does more harm than good.  Using 
an offline password manager can be argued to be less secure as well 
depending on a few factors.  Really don't want to get into it here though.

/rant - Agree that this thread should die.
-- 
Sajan Parikh
Owner, Noppix LLC

o: (563) 726-0371
c: (563) 508-3184



