Ian G wrote: > "SSL protects data in transit but the problem isn't eavesdropping on the > transmission. Someone can steal the credit card on some server > somewhere. The real risk is data in storage. SSL protects against the > wrong problem," he said.
That's like saying "No, no, mugging isn't a problem--the real money is in bank heists." You can't ignore one problem or the other. > "The paper is not a surprise, but at the same time it's the crispest > demonstration for why it's necessary to remove this broken algorithm > everywhere it is being used," he said, before adding "there are bigger > things to worry about, like browser bugs and operating security bugs." Absolutely. Let's plan to phase out support for MD5 and move on to bigger issues. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto