How does Tresorit manage my password when I access my account via a browser?



1 comment

  • Avatar

    I am by no means an expert on security matters.

    However I would like to understand better. You mention that our private encryption key is not present on your servers, however from this post I understand that it is, but it is encrypted with our password. When we authenticate our password is used to decrypt our profile (point 1-3 above).  Our profile contains our private and public keys.

    How can this be considered safe? Our password is usually not a very strong encryption key and someone (eg. one of your staff) can take all the time necessary to crack it by brute force.

    Is this wrong?


Please sign in to leave a comment.