Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> In practice, it is most certainly not pointless .... chances of master key recovery by Microsoft are definitely not the same.

I don't think those two sentences hold water when put together. In practice, if your risk is master key leakage and theft of the encrypted data by microsoft, you shouldn't be using windows. If you suspect that, MS can have a kernel mode driver masquerading as anything else, and it can just siphon your master key whenever you enter it.



And now that ms auth is apparently mostly compromised, extend microsoft to any threat actor in the wild.

I like VC for the portability of the encrypted .tc files. Keep all my backups as tc files, and recovered from more than one failure using them.

Once had an issue where dropbox corrupted the duplicates, so dont use dropbox anymore.


>ms auth is apparently mostly compromised

just gonna drop that like that aint a $10k+ implication, gonna need a src or ref thanks

unless you mean by 3letters, which dont exactly give their backdoors to randoms.

randoms aint coming across 3letter's backdoors, not active/modern ones anyway


https://news.ycombinator.com/item?id=37702095

it's probably more than a $10k implication..




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: