I can readily agree with your response.
My complaint is that your original article did not properly frame the risks of using Shatteredglass. I am not saying that those risks are *always* unacceptable. Not at all. In the situations you describe, reasonable individuals might be willing to take that risk; however, since there is a substantial risk of losing all one’s data, the original article should have stated this risk prominently. It didn’t do so, and the omission is a serious one, because user data is at stake.
But once users are informed, they can make a decision themselves as to whether Shatteredglass is right or wrong for them.
I will end with an actual suggestion.
Suppose that the actual data was stored via Shatteredglass in data store A. But now suppose that the actual keys themselves were sharded, encrypted and stored in some plurality of data stores other than data store A. Now to access the data in data store A, the shards must be collected from the various data stores, the keys reconstituted, and then those keys used to access the data from data store A.
I am not claiming that such an approach absolutely prevents a successful attack. Not at all.
But if the number of data stores used in storing the keys is great enough, it will become increasingly difficult to pull off an attack. Why? Many successful attacks must occur for an attacker to get at those shards, and the original key used to encrypt them needs to be found too.
If the encryption and sharding are both done properly, an attacker would need to break into every single such store. It is one thing to break into a single store, but if N stores are involved, and each store is implemented and secured somewhat differently, that’s a lot of break-ins.
So for users who want to reduce the risk of data loss while still protecting their data quite well, this second layer of defense might be attractive.
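The key-sharding scheme proposed in the comment above, as an added illustration that is not part of the original thread or of Shatteredglass: the data-encryption key is split into N XOR shards (all N are needed, and any N-1 reveal nothing about the key), each shard carries an HMAC tag bound to its store position so a corrupted or substituted shard is refused rather than silently reconstituting a wrong key, and the MAC key is assumed to be held outside the shard stores. Names (`split_key`, `collect_and_verify`) and the in-memory "stores" are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> List[bytes]:
    """Split a data-encryption key into n shards that must ALL be present.
    n-1 shards are fresh random bytes; the last is the key XORed with them,
    so any proper subset of shards is independent of the key."""
    if n < 2:
        raise ValueError("need at least two shards")
    shards = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shards:
        last = xor_bytes(last, s)
    shards.append(last)
    return shards


def reconstitute_key(shards: List[bytes]) -> bytes:
    """XOR every shard together. A missing or altered shard yields a wrong key,
    which is why shards are integrity-tagged before use."""
    key = bytes(len(shards[0]))
    for s in shards:
        key = xor_bytes(key, s)
    return key


def tag_shard(index: int, shard: bytes, mac_key: bytes) -> bytes:
    """Per-shard HMAC bound to the shard's store index (prevents swapping shards
    between stores). mac_key is assumed to live outside the shard stores."""
    return hmac.new(mac_key, index.to_bytes(2, "big") + shard, hashlib.sha256).digest()


def collect_and_verify(stores: List[Optional[Tuple[bytes, bytes]]], mac_key: bytes) -> Optional[bytes]:
    """Collect (shard, tag) from every store. Returns None if any store is
    unavailable or returns a shard whose tag does not verify; the key is only
    reconstituted when all N shards are present and authentic."""
    shards = []
    for i, entry in enumerate(stores):
        if entry is None:
            return None  # a store is down: with all-N sharding the key is unrecoverable
        shard, tag = entry
        if not hmac.compare_digest(tag, tag_shard(i, shard, mac_key)):
            return None  # corrupted or substituted shard detected
        shards.append(shard)
    return reconstitute_key(shards)
```

Note the availability trade-off the comment alludes to: with all-N sharding, losing any single store loses the key, so the data-loss risk moves from Shatteredglass to the weakest shard store unless each shard is itself stored redundantly.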