I've learnt a lot reading this thread. Thank you all.
But I can't believe almost everyone here, talking about security, is talking about Dropbox even as a hypothetical cloud option for storing password related info.
- Dropbox (and most of the other cloud storage services) do not encrypt your data, or if they do now as they claim, with SHA256, I'd say they must be able to decrypt it whenever they want to, as they give you the "Did you forgot your password" option to change it, so they have to be able to decrypt it and encrypt it with your new password o whatever they use to encrypt) and they hired ¡Condoleeza Rice! for their board of executives (she puts "national security" over any privacy so...), so you can count any worker at Dropbox can peep at everything you upload whenever they want to.
Of course you'll think: "I'm not a terrorist, I don't care." Well, if a worker can take a look, and you don't even know him... The threat is quite clear to me.
MEGA, for example, does encrypt everything you upload taking as seed some derivation of your password, but they DO NOT store your password, so they can't ever decrypt it for themselves. Probably no one could know even the names of the files you have uploaded unless they already had your password (of course, if you lose it, you lose all of the files uploaded!!! Beware!!!).
I rather trust MEGA than Condoleeza's (big-brother government) Dropbox, seriously.
There must be other cloud storage services which encrypt data not storing enough info to decrypt it without your input. I just stumbled upon MEGA and liked the synch app.
But I can't believe almost everyone here, talking about security, is talking about Dropbox even as a hypothetical cloud option for storing password related info.
- Dropbox (and most of the other cloud storage services) do not encrypt your data, or if they do now as they claim, with SHA256, I'd say they must be able to decrypt it whenever they want to, as they give you the "Did you forgot your password" option to change it, so they have to be able to decrypt it and encrypt it with your new password o whatever they use to encrypt) and they hired ¡Condoleeza Rice! for their board of executives (she puts "national security" over any privacy so...), so you can count any worker at Dropbox can peep at everything you upload whenever they want to.
Of course you'll think: "I'm not a terrorist, I don't care." Well, if a worker can take a look, and you don't even know him... The threat is quite clear to me.
MEGA, for example, does encrypt everything you upload taking as seed some derivation of your password, but they DO NOT store your password, so they can't ever decrypt it for themselves. Probably no one could know even the names of the files you have uploaded unless they already had your password (of course, if you lose it, you lose all of the files uploaded!!! Beware!!!).
I rather trust MEGA than Condoleeza's (big-brother government) Dropbox, seriously.
There must be other cloud storage services which encrypt data not storing enough info to decrypt it without your input. I just stumbled upon MEGA and liked the synch app.