Date: Mon, 10 Mar 2014 21:05:47 -0700
From: Chris Palmer <snackypants@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: When is broken crypto a vulnerability?

On Mon, Mar 10, 2014 at 2:48 PM, Hanno Böck <hanno@...eck.de> wrote:

> It ultimately comes down to this: Do we consider "encryption" to be a
> term that means "secure encryption" (something like AES) or would we
> also consider a Vigenère cipher "encryption"?
> I'd vote that calling a well-known broken cipher "encryption" is a
> misrepresentation and a possible risk.

We know that people want (at least) data confidentiality when they opt
to use an "encryption" feature. Why play word games? A failure to help
people understand what is available and what is not available leads to
vulnerabilities. We can no longer pretend that UX is unrelated to
technical security concerns.


-- 
http://noncombatant.org/
