Is that for general public consumption? Last I looked, the Evernote web site still said they are constrained by export laws. I know Steve Gibson would be VERY interested to hear it. He and Leo Laporte are both users but constantly warn listeners not to put anything important there. I'm sure Evernote is taking a hit from the negative publicity and the news could reverse that trend. But I won't forward to them without knowing Evernote can confirm it or that it's already published. Or Evernote can just contact them directly. I'm sure Steve and Leo would at least tone down the "don't put important stuff here" message if they knew there is better crypto on the way soon.

-- T.Rob

From: Matt Hogan

I chatted with a friend over at Evernote, and here is the official word they gave back as far as 64-bit RC2 vs. 256-bit AES:

Evernote is planning to launch significant upgrades to the optional client-side encryption features later this year, including updated algorithms to take advantage of the additional flexibility allowed under changes to the US export control laws, as well as other user-selectable features.

Just figured I'd let the group, and any Evernote users, know.

On Thu, Jul 4, 2013 at 2:16 AM, T.Rob wrote:

I put a Flattr button on my web site. Does that count? In any case, you've given me a great idea what to do for the holiday. I'm going to stand by the freeway ramp with a sign that says "Will consult for tips" which has a certain symmetry in that I'd be both giving and getting them.

From: On Behalf Of Drummond Reed

T.Rob, if the list had a tip jar, I'd be filling it for you. Thanks for the good practical advice.

On Wed, Jul 3, 2013 at 10:02 PM, T.Rob wrote:

For what it's worth, Personal uses 256-bit AES and Evernote uses 64-bit RC2 with 40-bit keys to encrypt your data. If you don't have an account yet, steer towards Personal instead of Evernote. If you do have an Evernote account, consider that their explanation for using RC2 is due to crypto export restrictions. Those restrictions were removed long ago when it became apparent that everything under the original crypto restrictions was brute-forceable. Not the place for your most sensitive data.

From: Peter Cranstone

Brian,

This is a truly tough issue to deal with and I empathize with you. I was part of the team that built the world's first commercially secure operating system (http://www.secure64.com) so I understand what it takes to really lock down an OS (it's ridiculous). If hackers can get in to Govt. sites etc., then unfortunately there's no way anymore to say that a system is truly secure. Without Root Trust, and a hardware platform and operating system that complements it, it's impossible to offer that level of security with Linux or Windows in a commercial environment (vs. Military).

Security & Privacy is a process, not a product. VRM will need to apply a defense in depth strategy that increases identity authentication requirements as the value of the data goes up. This is why Kevin's idea of distributing your data through multiple clouds makes a lot of sense. If all the data is distributed it will be harder to hack every site to access your data. However, if the hacker guesses your login then it doesn't matter anyway.

And this is why I want to introduce another concept to VRM… contact. The smartphone is the marriage of content and contact, and it's really the first to do so in a convenient package. I believe that VRM solutions of the future will require voice authentication to access data as well as additional forms of physical identification such as a retinal scan.

BTW still nothing showing up in Evernote. I'll update you in the am.

Happy 4th.

Peter
Boulder, CO USA
Web site: www.3pmobile.com
Archive powered by MHonArc 2.6.19.