Another layer of security for data protection.
The idea looks good and it will need a good password escrow/vaulting (which requires additional Auditing) solution to reduce accidental loss of passwords.
Will this reduce the NSA and other snooping related fears?
According to the article:-
Your data gets encrypted using your password inside your browser before it goes to the server,” Popa says. “If the government asks the company for your data, the server doesn't have the ability to give unencrypted data.”
Popa developed the software with colleagues from MIT and a Web development software company, Meteor Development Group. A paper on Mylar will be presented at the Usenix Symposium on Networks Systems Design and Implementation next month.
The software is designed to work with a popular Web service building tool called Meteor, to make it easy for Web developers to use. Mylar’s design has code running inside a person’s browser take on most of the processing and presenting of information—work that a conventional service would do on its servers. But Mylar also includes some new cryptographic tricks that allow a server to do useful things with user data without having to descramble it.
Mylar also lets individuals share data with other users, thanks to a system that can distribute the necessary encryption key in a way that protects it from ever being disclosed either to the server or to someone monitoring communications.
A big usability challenge is that if anyone loses their password, they can permanently lose access to their information.
The links below has more information
No comments:
Post a Comment