My favorite crypto feature is limited cracking attempts. Socialist millionaire, PAKE, Secure Enclave, YubiKeys, this http://blog.cryptographyengineering.com/2016/08/is-apples-cloud-key-vault-crypto.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+AFewThoughtsOnCryptographicEngineering+(A+Few+Thoughts+on+Cryptographic+Engineering)&m=1 …
-
-
probably the same facilities they have user data stored at, but does it matter?
-
An HSM owned & physically possessed by someone other than yourself is basically security theater.
-
can you please describe how they could have possibly made the service more secure?
-
I don't think they really could.
-
My complaint is not that it should be more secure, just that it shouldn't be advertised as secure.
-
because of a theoretical vulnerability that might possibly exist in their HSMs?
-
No, because with physical access & a big enough budget you can always extract keys from an HSM.
-
mh, real world users don’t have strong passwords, or targeted nation state adversaries. Security is relative.