Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Mar 2014 21:05:47 -0700
From: Chris Palmer <>
Subject: Re: Re: When is broken crypto a vulnerability?

On Mon, Mar 10, 2014 at 2:48 PM, Hanno Böck <> wrote:

> It ultimately comes down to this: Do we consider "encryption" to be a
> term that means "secure encryption" (something like AES) or would we
> also consider a vigenere cipher "encryption"?
> I'd vote that calling a well-known broken cipher "encryption" is a
> misrepresentation and a possible risk.

We know that people want (at least) data confidentiality when they opt
to use an "encryption" feature. Why play word games? A failure to help
people understand what is available and what is not available leads to
vulnerabilities. We can no longer pretend that UX is unrelated to
technical security concerns.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ