This is a couple of years old, but some may have missed it the first time around: http://arstechnica.com/security/2012...rd-in-6-hours/
Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
WIFFLEBALL!
If you HAD to do this, then maybe you could encrypt it with AxCrypt and then bury it in a folder. Maybe name the folder something like, "Grandma's Recipes" or something? Another thing you could look into is Kim Dotcom's "Mega" cloud service. He claims it's very secure. Although I've read that others don't think it is. As long as the encryption level is at least AES 256 and you aren't a celebrity, then I think you are generally pretty safe for all intents and purposes.
Very good advice. You know, when I first started working with financial service providers, everyone used Shiva Software's (later purchased by Intel) 2048 bit encryption. Now, I'm so used to stuff being done with only SSL, that I have to admit to falling asleep at the wheel on this topic.
That's going overboard and putting your data at risk. I mean, what software would you even use? Some obscure program that only a handful of developers support? And then you have to have that on every computer you are trying to access your data from. You have to consider that it's very likely that nobody cares about stealing the personal data in the first place. The idea of security is not to try to stop the threat but just to slow it down enough. And to protect your stuff while still being able to use it normally. You have to be practical and consider what it is you are protecting. For example, I don't want my driver's license or credit cards to be stolen. But that doesn't mean I put them in a safe and carry the safe around with me chained to my back. I keep them in my wallet, in my pocket where it's safe enough.
Last edited by Webhead; 09-09-2014 at 04:29 AM.
PGP if willing to spend, GnuPG if not. Hardly "a handful of developers" supporting it.
I know you are a fanboy, but real computers have USB ports. Anyway, this is about *storing* data in the cloud, not having it available to sync on all devices - which anyway shouldn't be done with sensitive data.
Chances of someone targeting me specifically are basically 0. But I would be just one entity whose data is stored. I guess you wouldn't mind putting 10 years' worth of tax returns on Facebook, would you?
Wrong, you start with the idea of completely stopping the threat for all practical current future purposes. Someone tries to brute force an account - you lock it, you don't rely on the fact that it will take X years to break it and that is not practical. When I was doing the admin job I had people who would forget their passwords on a regular basis. I could retrieve most of them in under 5 min (yes, you read right, 5 min for 8+ characters with upper&lower case + numbers). Rainbow tables... See, what seems impractical and slowing down "enough" for one is trivial for someone else.
Apples to oranges. You don't also carry around your SSN card, do you? Or a copy of your tax return... or $10,000 in cash for that matter.
What's the worst that can happen if your license and cards get stolen? You spend 20 min on the phone to cancel the cards and 3 hrs at DMV to get a new license. Now what if you lose sensitive info that can be used for other purposes if stolen? Potentially years' worth of trouble with stolen identity and wrecked credit.
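Added example, not part of any post in this thread: the remark above about rainbow tables recovering 8+ character passwords in minutes holds for unsalted, fast hashes. The Python sketch below uses MD5 and a small constructed password list as stand-ins (both are assumptions; the thread names neither) to show a precomputed lookup succeeding against an unsalted digest and failing against a per-user salted PBKDF2 record.

```python
import hashlib
import hmac
import os

# Constructed sample passwords (8+ chars, mixed case and digits); not from the thread.
COMMON = ["Summer2014", "Password1", "Welcome123", "Qwerty789"]

def fast_unsalted(pw: str) -> str:
    """Unsalted single-round hash: the same password gives the same digest everywhere."""
    return hashlib.md5(pw.encode()).hexdigest()

def build_lookup(candidates):
    """Stand-in for a precomputed table: digest -> password, built once and reused."""
    return {fast_unsalted(p): p for p in candidates}

def table_hits(stored_digests, table):
    """Passwords recovered by plain lookup, with no per-account work."""
    return [table[d] for d in stored_digests if d in table]

def store_salted(pw: str, iterations: int = 200_000):
    """Per-user random salt plus a slow KDF; returns (salt, iterations, derived key)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, iterations, dk

def verify_salted(pw: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    test = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(test, dk)

def demo():
    table = build_lookup(COMMON)
    weak_db = [fast_unsalted("Welcome123")]   # how an unsalted store would look
    rec_a = store_salted("Welcome123")        # two users, same password
    rec_b = store_salted("Welcome123")
    return {
        "unsalted_recovered": table_hits(weak_db, table),
        "salted_in_table": rec_a[2].hex() in table,
        "same_pw_same_record": rec_a[2] == rec_b[2],
        "verify_ok": verify_salted("Welcome123", rec_a),
        "verify_bad": verify_salted("welcome123", rec_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a unique salt per record, a table has to be rebuilt for every account, and the iteration count makes each guess expensive, so precomputation no longer pays off.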
Always pains me when I have to agree with CeeBee, but he's right. PGP is a well supported standard, and these days, you just can't be paranoid enough. With Windows XP, cracking a password protected computer took 5 minutes if you had a break to go out for coffee. Win7 and Win8 are a little harder, but with the right tools, it's still pretty easy.
Only password I couldn't crack was a 12 character password for an Excel spreadsheet used by the local PD. The guy who wrote the spreadsheet had barely finished it when he had a massive heart attack and literally fell over dead. I ran a password cracker on it, but after 3 days, I wrote it off as a lost cause. That was over 10 years ago, and I expect with the current level of hardware and software available, I could bust it in about 2 hours.
Last edited by slgrieb; 09-09-2014 at 02:27 PM.