Some time ago opinion was that only versions of PGP
beginning with 2 were trustworthy, that is before the add-on
junk for user convenience which opened holes galore,
then much more vuls as it went to global market and use
by governments. Is that still the case?
We have archived versions since 2.6
On Sun, Aug 25, 2013 at 8:49 PM, Lodewijk andré de la porte
wrote:
> Assume all mayor cryptotools are exploited. Sad but true.
> ..
> False security is a danger unlike many others. None of us should forget
> that.
NSA says use aes256 for top secret. AES goes worldwide.
Would be pretty funny if in
I find it likely that the Google engineer quoted had things like the
NSA taps on routers and in telecom facilities in mind, rather than
whether users of various services can expect that their providers will
hand over to the government. In other words, encrypting data in motion
rather than at rest.
Assume all mayor cryptotools are exploited. Sad but true. Any other reason
people complain OpenSSL is written in tongues (so to speak)? Hiding
exploits is easier in a mess.
That said the people in the IETS might be ignorant to the fact that TLS is
likely backdoor'ed. The thing with this problem is
It's Sunday, it's time for some amusement. I agree with everything John
writes, and although I prefer an alternate style, it may be time for
straight talking.
On 24/08/13 00:33 AM, John Young wrote:
Comsec experts should not be surprised at the Snowden
revelations about NSA so far, most of
Comsec experts should not be surprised at the Snowden
revelations about NSA so far, most of which are venerable.
What is surprising is their seemingly exaggerated surprise
because many of them worked at or ran firms which were
known to be heavily involved with official spying through
dual-use tec