Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

SpiderOak user here.

Just remember to not use the Web UI: if you do so, your plaintext password is sent to the servers, because decryption happens on the servers. This is mentioned in their FAQ. Unless things have changed since the last time I checked.



I've always assumed that Dropbox's light encryption was because of their Web UI, which is a pretty big feature for most users.

Different crowds.


Is it feasible to do the decryption in JS? LastPass for example encrypts the passwords and never sees the plaintext. Although decrypting a plaintext password is a significantly smaller problem than decrypting large files.


They don't utilise https? Please tell me that isn't true.


HTTPS doesn't matter. Without client-side decryption, you are forced to give the server your password so it can decrypt the file for you.


See other reply below. And to answer your question, yes, they use HTTPS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: