"Your password never leaves your phone or computer and is not stored anywhere.
Encryption occurs locally. You are the only one that can decrypt your data!"
square with
"Anywhere, anytime access.
Access on the phone, web or desktop. All apps work in offline mode & auto sync when connected."
If they provide a web interface, they'll probably get access to my key at least temporarily (unless they decrypt in JavaScript and I trust them to not hijack this). GPG + Dropbox seems a little less convenient, but significantly safer since I have full control over the encryption process, especially in view of the fact that the US seems to be keen on listening in on cloud data of non-US citizens.
In all cases, including the web interface, the app is client-side. When you access the web interface, a Silverlight app is actually downloaded to your browser, so decryption and encryption is always done locally. Once a box has been modified, the box is encrypted locally, saved locally, and then it is uploaded over HTTPS to cloud storage.
With no-compromise security in place, and with the incredible convenience the app affords, it is leaps and bounds better than home brewed solutions like GPG + Dropbox (which I have used for many years prior to switching to Strongbox).
I have found Strongbox so awesome, that I wanted a Terminal/command-line "Strongbox reader", so I recently wrote a Ruby gem and command-line interface for decrypting and reading Strongbox files:
Just try Strongbox, and I'm sure you'll be quickly impressed. Besides the obvious conveniences, including box sharing, it is possible to transfer ownership (e.g. you start a box, and pass its ownership on to your client). Also, there is an amazing feature planned that will bring cloud password storage to the next level.
"Your password never leaves your phone or computer and is not stored anywhere. Encryption occurs locally. You are the only one that can decrypt your data!"
square with
"Anywhere, anytime access. Access on the phone, web or desktop. All apps work in offline mode & auto sync when connected."
If they provide a web interface, they'll probably get access to my key at least temporarily (unless they decrypt in JavaScript and I trust them to not hijack this). GPG + Dropbox seems a little less convenient, but significantly safer since I have full control over the encryption process, especially in view of the fact that the US seems to be keen on listening in on cloud data of non-US citizens.