oss-sec mailing list archives
Re: Re: When is broken crypto a vulnerability?
From: Chris Palmer <snackypants () gmail com>
Date: Mon, 10 Mar 2014 21:05:47 -0700
On Mon, Mar 10, 2014 at 2:48 PM, Hanno Böck <hanno () hboeck de> wrote:
It ultimately comes down to this: Do we consider "encryption" to be a term that means "secure encryption" (something like AES) or would we also consider a vigenere cipher "encryption"? I'd vote that calling a well-known broken cipher "encryption" is a misrepresentation and a possible risk.
We know that people want (at least) data confidentiality when they opt to use an "encryption" feature. Why play word games? A failure to help people understand what is available and what is not available leads to vulnerabilities. We can no longer pretend that UX is unrelated to technical security concerns. -- http://noncombatant.org/
Current thread:
- When is broken crypto a vulnerability? Hanno Böck (Mar 10)
- Re: When is broken crypto a vulnerability? Alex Gaynor (Mar 10)
- Re: When is broken crypto a vulnerability? Chris Palmer (Mar 10)
- Re: When is broken crypto a vulnerability? cve-assign (Mar 10)
- Re: When is broken crypto a vulnerability? Hanno Böck (Mar 10)
- Re: Re: When is broken crypto a vulnerability? Chris Palmer (Mar 10)
- Re: When is broken crypto a vulnerability? cve-assign (Mar 10)
- Re: When is broken crypto a vulnerability? cve-assign (Mar 11)
- Re: When is broken crypto a vulnerability? Hanno Böck (Mar 10)
- Re: When is broken crypto a vulnerability? Alex Gaynor (Mar 10)