Date: Mon, 10 Mar 2014 21:05:47 -0700 From: Chris Palmer <snackypants@...il.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: When is broken crypto a vulnerability? On Mon, Mar 10, 2014 at 2:48 PM, Hanno Böck <hanno@...eck.de> wrote: > It ultimately comes down to this: Do we consider "encryption" to be a > term that means "secure encryption" (something like AES) or would we > also consider a vigenere cipher "encryption"? > I'd vote that calling a well-known broken cipher "encryption" is a > misrepresentation and a possible risk. We know that people want (at least) data confidentiality when they opt to use an "encryption" feature. Why play word games? A failure to help people understand what is available and what is not available leads to vulnerabilities. We can no longer pretend that UX is unrelated to technical security concerns. -- http://noncombatant.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ