Hacker News new | comments | show | ask | jobs | submit login

I think the idea is that a users data is encrypted with their password, or a key derived from it. So the key doesn't really sit anywhere that the admin can access it, it only exists in memory for a short period of time when the user enters it into the website, and the web app is decrypting the data using it.

This doesn't just defend the data from unscrupulous sysadmins, it also defends data from hackers who manage to gain access and run a mysqldump.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact