
Question

A lot of password managers seem to promote client-side encryption as a key feature of their service. For example: LastPass, Firefox Sync, PasswordBox, etc.

They all say something like

Even we don't know your master password and cannot decrypt your data, hence it is more secure.

This makes the user think that it protects him against the password manager he is using.

But, in reality, they control the code that does the encryption on the client side and can change it whenever they want to instead do the encryption on the server and you would not notice anything.

So, does it add any security?

Explanation / Answer

Client-side encryption does not protect against a malicious trusted application provider who decides to subvert their own system.

It does protect against attackers who breach the central store. Those people cannot decrypt without keys, and if the provider doesn't have the keys (the key feature (sic) described above), then the attacker can't steal those in the same manner. They'd have to compromise both the central store and the user endpoint(s), making a compromise of your data that much harder.

So does it really add security? Yes. Not for every use case, but for the use cases that realistically are a greater threat and a higher likelihood.
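As an added illustration (not part of the original question or answer), the following Python models the split the answer relies on: the master password is stretched on the client into a vault key and a separate authentication key, and the server only ever stores the authentication hash plus ciphertext. The HMAC-SHA256 keystream is a standard-library stand-in for a real AEAD such as AES-GCM, and the salt, vault contents and passwords are constructed sample values.

```python
import hashlib
import hmac
import json
import os

# Added example, not code from any password manager named in the question.
# The HMAC-SHA256 keystream below is a stdlib-only stand-in for AES-GCM.

def derive_keys(master_password: str, salt: bytes, iterations: int = 100_000):
    """Client-side only: stretch the master password into two unrelated keys."""
    base = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    vault_key = hmac.new(base, b"vault-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(base, b"server-authentication", hashlib.sha256).digest()
    return vault_key, auth_key

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode HMAC keystream (stand-in for a real cipher)."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)

def client_encrypt_vault(master_password: str, vault: dict, salt: bytes) -> dict:
    """Runs on the client; returns the only record the server gets to store."""
    vault_key, auth_key = derive_keys(master_password, salt)
    nonce = os.urandom(16)
    ct = keystream_xor(vault_key, nonce, json.dumps(vault).encode())
    tag = hmac.new(vault_key, nonce + ct, hashlib.sha256).digest()
    # Neither the master password nor vault_key appears in this record.
    return {"salt": salt, "auth": hashlib.sha256(auth_key).digest(),
            "nonce": nonce, "ct": ct, "tag": tag}

def client_decrypt_vault(master_password: str, record: dict) -> dict:
    """What an attacker holding a breached record must do: re-derive the key."""
    vault_key, _ = derive_keys(master_password, record["salt"])
    expected = hmac.new(vault_key, record["nonce"] + record["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong master password or tampered ciphertext")
    return json.loads(keystream_xor(vault_key, record["nonce"], record["ct"]))

if __name__ == "__main__":
    record = client_encrypt_vault("correct horse battery staple",
                                  {"example.com": "hunter2"}, b"constructed-salt")
    print("server-side record keys:", sorted(record))
    print("decrypted on client:", client_decrypt_vault("correct horse battery staple", record))
```

Breaching the central store yields only the record; without the master password the decrypt step fails, which is the case the answer says client-side encryption is actually good for.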
