
someone breaking AES-256 encryption is not in my threat model.
and i also can and do have a secure offline backup that can be restored anytime. it doesn't require chasing down stray bits.

but it's a difference in design philosophy and I respect your approach.
 i'm not so stupid as to think that AES-256, which isn't even a protocol actually, it's a collection of them, and the difference that matters, can be broken.

it's always side channels and handshakes and this sort of thing.

i don't know how my brave sync got breached but a device appeared on the list that i definitely did not put there. so i presume the browser itself was penetrated, and specifically the access to the memory where that key is stored.

i think you are way too trusting, and let's just leave it at that.

anyone who pins their security on a web browser is on the road to trouble.