[cryptography] If this isn't a honey-pot, it should be

Marsh Ray marsh at extendedsubset.com
Wed Jun 15 13:39:53 EDT 2011


On 06/15/2011 12:00 PM, Jack Lloyd wrote:
>
> https://encryptur.com/
>
> In fairness, this is no worse that downloading some random program off
> the internet and using it for the same purpose.

But it is. If you download a 'random' program off the internet it's 
unlikely to have been targeted at you specifically.

Whereas for an online service the attacker learns your IP, geolocation, 
exact time, etc. in association with the plaintext and then he has the 
option of keeping your plaintext or weaken your ciphertext at the time 
you perform the encryption.

Note that this site is sourcing Google analytics.

> At least here the
> worst case is basically that someone gets your plaintext (and later
> extorts you when you want the plaintext back), vs rootkiting your
> machine when you run that proggie as Admin.

Rootkits are bad, but at least it's happening on your machine and your 
network where you can observe, isolate, and wipe it.

- Marsh



More information about the cryptography mailing list