[Cryptography] Why is emailing me my password?
Russ Nelson
nelson at crynwr.com
Wed Oct 2 01:17:37 EDT 2013
Greg writes:
> This falls somewhere in the land of beyond-the-absurd.
> So, my password, iPoopInYourHat, is being sent to me in the clear by your servers.
Repeat after me: "crypto without a threat model is like cookies without
milk."
If you are proposing that something needs stronger encryption than
ROT-26, please explain the threat model that justifies your choice of
encryption and key distribution algorithms.
--
--my blog is at http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213 | Sheepdog
More information about the cryptography
mailing list