<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2014-08-03 15:33 GMT+02:00 ianG <span dir="ltr"><<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div id=":16g" class="a3s" style="overflow:hidden">It also works in the sense that better locks work. They aren't<br>
unbreakable, but they do move the burglar on to the next house. Which<br>
is all we need. This is a self-reinforcinc cycle, slowly everyone<br>
upgrades over time together, as they can afford it.<br>
<br>
What it isn't is the old "security must be perfect" nonsense that was<br>
peddled in the early days. We all know a perfect lock on a flyscreen<br>
door is a stupidity, but apparently we have difficulty seeing what is<br>
wrong with ECC512 bit encryption on a website taking credit cards with<br>
some home written PHP.</div></blockquote></div><br>I disagree with the logic here. We're not building houses. What we build doesn't even have dimensions.</div><div class="gmail_extra"><br></div><div class="gmail_extra">
I'm not sure why home written PHP has to be bad. It's up to the writer in any language. PHP isn't the problem.<br><br>You should also consider "why wouldn't I put a perfect lock on my flyscreen?", because in this world the cost of ECC512 vs the cost of a shorter one is so-so-so-so-so small.<br>
<br>Creditcards are an interesting example of how no technological security can still work in the real world. And, incidentally, how expensive that makes the security.</div><div class="gmail_extra"><br></div><div class="gmail_extra">
At the moment using "strong enough" crypto makes people go to the next door. What really kills services and servers is n-day exploits; unupdated known-vulnerability services. Advising against ECC512 is not going to help that. (Advising in favor of it also doesn't matter much)<br>
<br>Let him have his perfect crypto. It's a step on the road to salvation. Who knows, maybe one day he'll be happy he took it. I'm sure he'd never regret it.</div></div>