brent saner on 12 Mar 2014 10:12:10 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Sensitive Personal Information In the Cloud? Why bother?

rich-

for the sake of my curiosity, can you highlight some of the algorithms that have been broken  vs. ones that haven't over the past 20 years off the top of your head (if you were referring to one/several in particular)?

brent s.
(on my mobile device)

On Mar 12, 2014 12:49 PM, "Rich Freeman" <r-plug@thefreemanclan.net> wrote:
On Wed, Mar 12, 2014 at 10:53 AM, Greg Helledy <gregsonh@gra-inc.com> wrote:
> This is a biggie, IMO.  The encryption considered very safe today could be
> trivial to crack 20 years from now.  If you wouldn't want the things you
> encrypt today being public 20 years from now, maybe cloud storage isn't the
> best choice.

20 years is a bit of a stretch in practice.  Some technologies that
old have been cracked, but only with resources that would not be
applied to anything not having a national security interest.  Other
technologies that old remain intact.

However, yes, it seems likely that there is little we can do to keep
data private forever.  Even if you don't keep it in the cloud there is
always a risk of theft/etc.  Who knows what rootkit lies in the heart
of your PC?

Security is all about managing risk.  There are certainly risks
associated with putting data in the cloud, but in practice there are
also risks in not putting data in the cloud.  I know I don't treat my
backups with the kind of procedural security most cloud providers are
likely to employ (well, not counting the backups I store in the
cloud)).  In fact, I consider my biggest risk if I have a disaster is
that all the local copies of my gpg key that encrypts my cloud backups
will turn out to be bad/lost/etc.  In that event, I'd welcome a swift
crack to RSA!  :)

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug