[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Mike Harrison cluon at geeklabs.com
Wed Aug 28 19:31:25 UTC 2013

On Wed, 28 Aug 2013, wes wrote:
> A smarter plan is to remove the need for secrets. Use strong encryption and authentication, which are essentially
> provided for you already in the shape of libraries. Leave the workings in the open. All that remains is for your users'
> keys to be compromised, and the attacker can then gain access to that user's data only. This is the power of open
> source: with many eyes on the system, the weaknesses will be brought to light quite rapidly.

Regarding the keys. I'm tempted to add APG to my Android phone so I can 
decrypt email from the 5 or so people I can use GPG'd email with from
my phone. But my quandary is putting my private keys on the phone, which I 
really don't trust to keep them private on, or creating a different keyset 
for my phone, but then I'd have multiple keys for other people to decide 
which I might be using to read their email, or encrypt with both.. or.. 

So I'm just using one machine right now for GPG.. and I'm not so sure I
trust it much, but I trust it more than I trust my phone.

