Message-ID: <CALi+ztG62mH0A0=wgUCzxjpkAcDSvEQBiBscHLCDzNtFf-LfnA@mail.gmail.com>
Date: Mon, 10 Mar 2014 21:05:47 -0700
From: Chris Palmer <snackypants@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: When is broken crypto a vulnerability?

On Mon, Mar 10, 2014 at 2:48 PM, Hanno Böck <hanno@...eck.de> wrote:

> It ultimately comes down to this: Do we consider "encryption" to be a
> term that means "secure encryption" (something like AES) or would we
> also consider a Vigenère cipher "encryption"?
> I'd vote that calling a well-known broken cipher "encryption" is a
> misrepresentation and a possible risk.

We know that people want (at least) data confidentiality when they opt
to use an "encryption" feature. Why play word games? A failure to help
people understand what is available and what is not available leads to
vulnerabilities. We can no longer pretend that UX is unrelated to
technical security concerns.


-- 
http://noncombatant.org/
