| I think it's just stupid to trust anyone with your passwords even when they are encrypted. We all know how just after some years all encryption can be rendered useless by some technical advancement or mathematical brake-through (potentially). In my opinion you are far better off with some device (mooltipass, yubikey) that holds your credentials because you have physical control over it and the chances your encrypted passwords are stolen are much lower than going with the cloud option. This isn't about being paranoid but about minimizing the risk of ones credential being exposed/compromised. We trust entities far too much for my taste and next to credentials I also don't feel comfortable with private pictures and videos of/with me being uploaded to some cloud. 1. Something could go wrong while transport (poor SSL/TLS, compromised devices in between (MITM) & weak crypto)
2. Something could go wrong on the companies side (failure to implement crypto properly, usage of weak crypto, bad server security)
3. Most encryption can be broken and it probably will be broken. This isn't about the fear of quantum computing but plain logic. Crypto often relies on some mathematical assumption that states that no one can break something in a realistic amount of time (e.g. discrete logarithms) which is rendered useless by superior equipment/power to calculate. Then there is implementation details which are too complex (or the people who implement it just don't take enough care) to be executed in the correct (=secure) way, easily. This is a problem we can see on many waypoints in these scenarios and this fact for itself increases the risk of being compromised in a scale I'll always try to weigh in and to minimize. |