funsec mailing list archives

Re: Progress is inevitable


From: David M Chess <chess () us ibm com>
Date: Wed, 19 Aug 2009 17:05:28 -0400

Paul M Moriarty <pmm () igtc com>:

> On Aug 19, 2009, at 10:57 AM, Ali, Saqib wrote:
> [...]
>
>> power of Cloud Computing combined with an
>> AJAX pattern called Host-Proof Hosting.
>
> I'm sure that means something, I just have no idea what.

It's a fancy name for "the server gets only the ciphertext, at least for 
the most important stuff".  So PassPack is very secure in the sense that 
their server only stores the encrypted form of your website passwords, and 
never has the keys; only your browser (JavaScript in your browser) has the 
key, and it decrypts the website passwords at the client side.  So even if 
PassPack is penetrated, they have nothing of value to steal.  Assuming the 
penetrator just passively steals data, and doesn't send a Trojan update 
down to your browser.  :)

This pattern works quite well for some things, not so much or not at all 
for others (like ones where the server actually has to process the data, 
and that processing can't be done on the encrypted form). 

Some fun recent results that I can brag about on behalf of the Lab tell us 
that it's in principle possible to do all SORTS of processing on encrypted 
data, without decrypting it.  See

http://www-03.ibm.com/press/us/en/pressrelease/27840.wss 
http://portal.acm.org/citation.cfm?id=1536414.1536440 

etc. etc.  Sadly that's just a proof of possibility, not (yet) 
feasibility.

DC
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.