On 11/21/07, Paul Louden <paulthenerd_at_gmail.com> wrote:
>
> Exactly what is your intent with such a plugin? Why is encrypting the
> information on the device considered better than encrypting them on the
> host, and decrypting them on the destination?

It is preferable to do the encryption/decryption on the device for a couple
of reasons off the top of my head. First, I may not even have permission to
install the decryption routines on the computer (most public computers, a
lot of "work" computers, etc.). Second, I may trust the "public" computer
with say my password to slashdot.org, but I certainly don't want them to
have access to all of my passwords and private data. Basically it's just a
way limiting the information given out to the bare minimum, and would be
much more convenient for me personally, and I assume for others. Also I
have private data that I never really need to enter into other machines, but
I like to be able to access (financial data).

Surely if both the host and destination are secure enough for making use
> of the unencrypted files, encrypting and decrypting them there are also
> valid? And much, much, faster?
>

That would sometimes work, yes, but I am unconvinced that it will be
real-world faster for small amounts of data (If it takes .5 seconds, vs .01
seconds, who cares? Especially if I'd have to spend 5 minutes downloading
and installing software on the public machine). If we're talking about
gigabytes of data, then yes, you are certainly correct (this is definitely
not my target use case).

-mud
Received on 2007-11-21