Earlier discussion that now points to a broken link (the document was moved): https://news.ycombinator.com/item?id=22409838

Duplicate of https://news.ycombinator.com/item?id=21707799

Follow up: https://news.ycombinator.com/item?id=21814725

More comments: https://news.ycombinator.com/item?id=20388029

Sounds like a startup opportunity. :) RackSpace for hobby projects?

NaviCat Premium worth the money

From the DirectProject blog, on 08/11/2011:

"Moving on... It's been a fantastic ride"

If it turns out to be the cause too (maybe similar to cervical cancer), it's a huge discovery.

Asimov's book on science history is an interesting read, full with similar discoveries that were ignored for many years.

http://www.amazon.com/Far-Human-Eye-Could-See/dp/155817107X

You can email the user a one-time token for setting a new password.

You should never store the users password.

When you email a token, you're back to square 1 and will need 2 factor auth.

In addition the reset password is not possible when the data is encrypted on the client side. This is how TrueCrypt works - if you forget the password, all your data is lost.

Data isn't encrypted on the client side only the "password" is.

Data encryption on the client side is one of the 5 features. See https://github.com/rahvee/CBcrypt and the "Tech Details Video".

"Users are able to login to servers, and encrypt all their data, without ever exposing their password or encryption keys to the server."

"And if the user's data on the compromised server is encrypted using the user's keypair, then even the users' data is still protected."

Duplicate of https://news.ycombinator.com/item?id=10321678

The "duplicate" links to the LinkedIn's notice about the settlement, but there are more resources on the address above.