[cryptography] Introducing SC4 -- feedback appreciated
bascule at gmail.com
Fri Apr 17 18:51:23 EDT 2015
On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret <ron at flownet.com> wrote:
> The fact that to use PGP you have to install an application. (This is
> true for Peerio as well.) That turns out to be too much friction for most
> people. Whenever you have to install an application you have to decide
> whether or not you trust the application, and most people have no basis for
> making that assessment.
Why should anyone trust your web page? Do you expect people to audit the
source code every time they use it? If they don't, perhaps you made a
change which exfiltrates the plaintext to your personal server. Perhaps you
targeted a single person, and everyone else sees the "real version"
This is why web pages aren't trustworthy for cryptographic purposes.
I wrote a blog post on this topic:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography