Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Jan 2016 10:17:27 +0100
From: Bart van Tuil <bvantuil@...argroup.nl>
To: Scott Arciszewski <scott@...agonie.com>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	 "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't get something:

> 4. https://github.com/paragonie/EasyRSA (reluctantly included for
> people that really believe they need RSA)

...What's, in your opinion ofcourse, the wrong thing about
implementing RSA in a decent web application? PHP is used for much,
much more than building simple frontpages without a backend (where
this might be a senseless complication). RSA is still the way to go
about implementing accessible asymmetrical crypography...

I do agree, wholeheartedly, that building your own cryptographic
primitives is just an expensive way of ultimately fooling yourself.

Just wondering...


All the best,


Bart


<rant>
PS:
All this bashing on PHP really tires me - it's getting old and
redundant. And no - im not a PHP developer.
</rant>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWnK2nAAoJEEnUI2SRQ818biYH/1uKMFgwvkj2iBax/0NJlNTH
2Tfd6HLjesvaHUUpQGnvlOILszBoULOlzSsbIXkeLAob/nRyMll7MNI1UExzxub2
3tJzmzXenMCT+3en9vCr1eBkEZBCGKWudTLYoEYSanzK1aKr2N4aZEFxYzKWq+fX
v3hZQuqbISnUvk5UzSdpKW8ZHEMdjhdqt9h7q2BH7m/z5o72jHDBkOFpflCRzIu3
xlH0ctxFT1F0C071Dk+I5zdAOnERqM/68wDvJ0fHYmobtKPfMDgu8nSqYyB5LpUK
U1R4zAe/Jpuxkx9DWZb2f0BK7SrZwX9jDs+BPkDZ1tpN6rV2z3toaXtrWjMbwWM=
=o7rc
-----END PGP SIGNATURE-----


This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the   company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ