[Cryptography] Browser JS (client side) crypto FUD

ianG iang at iang.org
Sun Aug 3 09:33:16 EDT 2014


On 2/08/2014 23:52 pm, Jae Kwon wrote:
...
>  Either way it looks like his attitude does bring in customers.


This is a fundamental feature of the infosec industry.  Customers want
to be told they are doing the right thing.  The thing itself is totally
opaque to both customers and suppliers in general, so the end result is
that the one who markets best wins best.

It also works in the sense that better locks work.  They aren't
unbreakable, but they do move the burglar on to the next house.  Which
is all we need.  This is a self-reinforcing cycle, slowly everyone
upgrades over time together, as they can afford it.

What it isn't is the old "security must be perfect" nonsense that was
peddled in the early days.  We all know a perfect lock on a flyscreen
door is a stupidity, but apparently we have difficulty seeing what is
wrong with ECC512 bit encryption on a website taking credit cards with
some home written PHP.


> Personally, I just call him a troll.

Just an inevitable conclusion of the market for silver bullets.  Sad,
yes.  If one is uncomfortable with the structural implications of the
industry, there are plenty of others ;-)



iang


