<p>They could be encrypting to 2 keys: your password and a key that they do not share, but use to read from Amazon or whatever. It is possible that they also then generate the hashes prior to encryption. The level of protection is such that one couldn't steal the files from S3 but a DB empl might be able to.</p>
<p>Just some speculation...</p>
<p>--<br>
Sent from my HTC Dream---Running Froyo!<br>
Thanks, @cyanogen!</p>
<p>On Sep 16, 2010 12:32 PM, "Pat Regan" <<a href="mailto:thehead@patshead.com">thehead@patshead.com</a>> wrote:<br type="attribution">> On Thu, 16 Sep 2010 12:00:02 -0400<br>> Geoffrey Myers <<a href="mailto:lists@serioustechnology.com">lists@serioustechnology.com</a>> wrote:<br>
> <br>>> I guess they should specify that if the find the file in their global <br>>> repository, then they won't copy it. Point being, they should be up <br>>> front in telling you they'll look at your stuff for the sake of <br>
>> expediency when updating other folk's stuff.<br>> <br>> If they have the ability to identify and deliver an identical file from<br>> someone else's account then it makes their claim that your files are<br>
> being protected by aes-256 and are inaccessible to their employees feel<br>> pretty hollow.<br>> <br>> Pat<br>> _______________________________________________<br>> Ale mailing list<br>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br>
</p>