[cryptography] The Compromised Internet

coderman coderman at gmail.com
Thu Sep 26 04:32:01 EDT 2013


On Wed, Sep 25, 2013 at 11:19 PM, coderman <coderman at gmail.com> wrote:
> On Wed, Sep 25, 2013 at 1:36 PM, Tony Arcieri <bascule at gmail.com> wrote:
>> ...
>> What threat are you trying to prevent that isn't already solved by the use
>> of cryptography alone?
>
>
> this is some funny shit right here...  LOL


someone pointed out that i might be an ass about a legitimate query.

here's a subset of all the things crypto alone does not protect:
- your source of entropy, upon which all secrets rely.
- your crypto implementation, which may leaks keys profusely out the side.
- the peers you crypto with; often the most important info.
- the complexity of attacking your crypted comms, which may be reduced
to a tractable search space due to architectural or design flaws
introduced by accident or $250,000,000 malicious intent.
- the data in motion or at rest, beyond your crypto boundaries.

i could go on...


More information about the cryptography mailing list