Re: [projectvrm] Evernote (Was: FetchThis: Q about credentials)

[Drummond Reed < >]

T.Rob, if the list had a tip jar, I'd be filling it for you. Thanks for the good practical advice.

On Wed, Jul 3, 2013 at 10:02 PM, T.Rob < " target="_blank"> > wrote:

For what it's worth, Personal uses 256-bit AES and Evernote uses 64-bit RC2 with 40-bit keys to encrypt your data.  If you don't have an account yet, steer towards Personal instead of Evernote.  If you do have an Evernote account, consider that their explanation for using RC2 is due to crypto export restrictions.  Those restrictions were removed long ago when it became apparent that everything under the original crypto restrictions was brute-forceable.  Not the place for your most sensitive data.

 

From: Peter Cranstone [mailto: " target="_blank"> ]
Sent: Wednesday, July 03, 2013 11:37 PM
To: Drummond Reed; Brian Berson
Cc: Mary Hodder; T.Rob; Adam Carson; ProjectVRM list
Subject: Re: [projectvrm] FetchThis: Q about credentials

 

Brian,

 

This is a truly tough issue to deal with and I empathize with you.

 

I was part of the team that built the worlds first commercially secure operating system (http://www.secure64.com) so I understand what it takes to really lock down an OS (it's ridiculous). If hackers can get in to Govt. sites etc then unfortunately there's no way anymore to say that a system is truly secure. Without Root Trust, and a hardware platform and operating system that compliments it, it's impossible to offer that level of security with Linux or Windows in a commercial environment (vs. Military).

 

Security & Privacy is a process not a product. VRM will need to apply a defense in depth strategy that increases identity authentication requirements as the value of the data goes up. This is why Kevin's idea of distributing your date through multiple clouds makes a lot of sense. If all the data is distributed it will be harder to hack every site to access your data. However if the hacker guesses your login then it doesn't matter anyway.

 

And this is why I want to introduce another concept to VRM… contact. The smartphone is the marriage of content and contact, and it's really the first to do so in a convenient package. I believe that VRM solutions of the future will require voice authentication to access data as well as additional forms of physical identification such as a retinal scan.

 

BTW still nothing showing up in Evernote. I'll update you in the am.

 

Happy 4th.

 

 

Peter

_________________________
Peter J. Cranstone
CEO.  3PMobile

Boulder, CO  USA

Improving the Mobile Web Experience

Cell: 720.663.1752

Web site: www.3pmobile.com

 

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain information that is confidential or legally privileged. Any unauthorized review, use, disclosure or distribution of such information is prohibited. If you are not the intended recipient, please notify the sender by telephone or return e-mail and delete the original transmission and its attachments and destroy any copies thereof. Thank you.