Now, this lack of a recovery password procedure seems a bit extreme #mega #cloud #infosecpic.twitter.com/ERylhOT5ay
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
@khaxan If they're telling the truth that there's no way to recover, that means they're doing crypto right.
@RichFelker obviously Mega shouldn't be able to recover it; but the user? and by recover I mean reset it.
@khaxan How would you make it so the user can recover it without also allowing third parties to recover it?
@RichFelker again, reset no recover, passwords are supposed to be hashed. SMS could be an option, or provide an altern. way to auth like USB
@khaxan Resetting would lose your data. As I understand it, the password is actually used to derive the key that your data is encrypted with
@RichFelker Alternative token? Alternative trusted account maybe? Other companies who lack similar "no recovery" process are working on it
@khaxan Any of those options compromise the crypto. The whole point of crypto is for data to be unrecoverable without knowing the key.
@RichFelker I know the point of crypto. And the options stated are just trying to provide a mechanism not to break it but as a fail safe
@RichFelker a perhaps expensive way 2 do it is to duplicate the info &encrypt it w/ 2 diff keys, one with a pass & other with a USBCert
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.