Comments on: Client-side encryption http://support.threetags.com ThreeTags Online Notebook: keeping your data private Wed, 28 Jul 2010 13:55:18 +0000 hourly 1 http://wordpress.org/?v=3.0 By: ThreeTags http://support.threetags.com/docs/client-side-encryption/comment-page-1/#comment-1140 ThreeTags Wed, 28 Apr 2010 00:52:28 +0000 http://blog.threetags.com/?page_id=52#comment-1140 Hi David, Your understanding is correct. Neither user data, nor the password, are transmitted unencrypted. The weakest link here is the iPhone and the browser. Best regards, ThreeTags support Hi David,

Your understanding is correct. Neither user data, nor the password, are transmitted unencrypted. The weakest link here is the iPhone and the browser.

Best regards,
ThreeTags support

]]> By: David http://support.threetags.com/docs/client-side-encryption/comment-page-1/#comment-1139 David Tue, 27 Apr 2010 22:49:42 +0000 http://blog.threetags.com/?page_id=52#comment-1139 If I understand this correctly, data are not encrypted on the iPhone, but are at least somewhat restricted by a passcode. When information is synchronized with the server it is first encrypted on the iPhone and that encrypted file is sent to your servers. When viewing the server information through the Notebook interface, the file is sent encrypted then decrypted via Javascript on the browser used, so that it is never transmitted in the clear. Or have I misunderstood? I hope to use your product for server passwords at a fairly large institution. I'll use a very secure password. Should I worry about any other part of the encryption infrastructure? David If I understand this correctly, data are not encrypted on the iPhone, but are at least somewhat restricted by a passcode. When information is synchronized with the server it is first encrypted on the iPhone and that encrypted file is sent to your servers.

When viewing the server information through the Notebook interface, the file is sent encrypted then decrypted via Javascript on the browser used, so that it is never transmitted in the clear.

Or have I misunderstood? I hope to use your product for server passwords at a fairly large institution. I’ll use a very secure password. Should I worry about any other part of the encryption infrastructure?

David

]]>