[Cryptography] Browser JS (client side) crypto FUD

Jae Kwon jae at tendermint.com
Sat Aug 2 18:52:30 EDT 2014


https://news.ycombinator.com/item?id=6675989

I was a contributor to the scramble.io project above.  You can tell
that I had a run-in with the guy in the comments.  I can't tell
whether he's incapable of reasoning about shades of gray, or whether
he's exploiting a social vuln for personal gain.  Let me explain:

His shtick is to be as black and white as possible, declaring his way
as the only way (e.g. you must use the design patterns and tools
sanctioned by the "security experts", and only those design patterns
and tools, otherwise your product is insecure.), and generally being a
troll and shooting down every new project by pointing out various
flaws, real or imagined.  Readers who aren't as crypto-curious then
eat it up, as it seems like sage advice from an expert, and are
equipped with soundbites that they can also use to counter any new
crypto project ("There's an established way/tool to do what you're
doing, and you're not doing that, so your thing is insecure because
you're inventing new crypto.").

Some of what he says is true, some of what he says is just flame bait.

 Either way it looks his attitude does bring in customers.

Personally, I just call him a troll.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140802/cad05694/attachment.html>


More information about the cryptography mailing list