Loading Profile...
How are the passwords I store on myVidoop protected?
I am concerned about the security of the passwords that I store with Vidoop. I heard that other services like yours encrypt the passwords before sending to the server. As I understand it, I enter a password, and the myVidoop server encrypts and stores it.
Is it true that no one else can access my password? What about people who work in the server room? If someone had access to the database key couldn't they reverse engineer the password?
Please tell me more about how your encryption system works, and who has access to the key.
Is it true that no one else can access my password? What about people who work in the server room? If someone had access to the database key couldn't they reverse engineer the password?
Please tell me more about how your encryption system works, and who has access to the key.
I’m secure
2
people have this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Important information like your passwords are strongly encrypted (AES
128-bit, to get a little technical) with a secret key that no single Vidoop
employee has. We log every sensitive request and we are alerted about any
suspicious activity by an automated system. Finally, the servers themselves
are only accessible by a handful of employees, both physically and remotely.
The key that we use to encrypt is generated for your specific user account,
and is not known by us.
I hope that helps! Let us know if you have more questions.
I’m helping....
-
Inappropriate?> The key that we use to encrypt is generated for your specific user account,
and is not known by us.
And where this key is stored? As I understand, I can access my password from any browser without additional software installed. So where is a key? -
Inappropriate?Sorry, by "not known by us" I mean "not known by any given employee." Ultimately, you are right. The needed keys are stored completely on our side of the fence. However, it would take multiple employees conspiring together to obtain the secret used to encrypt your passwords.
More specifically, the users' keys are stored as an encrypted blob in our database, using a master key that no single admin knows. Administrators are given a fragment of the master key, and the key is reconstructed at a service's runtime using Shamir's Secret Sharing algorithm. We carefully chose this algorithm because it guarantees that you absolutely need K fragments in order to obtain the secret, and that any number of fragments less than K is guaranteed to not give you any information about the secret.
