Ubuntu Forums - FYI
kentborg at borg.org
Mon Dec 23 21:04:31 UTC 2013
Back in July Sajan Parikh was horrified that I might doubt the
quality/integrity/competence of commercial crypto software.
Now we learn that RSA put in an NSA backdoor for $10,000,000, and that
the NSA had a budget for this kind of compromise of $250,000,000.
Where did the rest of the money go?
Open source crypto is not guaranteed to be better, but it as a chance.
It is tricky to put a backdoor in open source software, someone might
see it. And if the NSA wanted to bribe someone to put in a backdoor, it
is sometimes tricky to know whom to pay off.
On 07/24/2013 09:36 AM, Sajan Parikh wrote:
> On 07/24/2013 07:47 AM, Kent Borg wrote:
>> AES is probably really good. But if I slap an "AES!" sticker on my
>> product, it doesn't mean my product is any good. I might be a cheat and
>> a liar, or I might be incompetent with cryptography. Why should you
>> trust my close-source product?
> You're actually implying right now that LastPass is lying about how
> they are storing things, and are just 'slapping a sticker' on it?
> How can we ever have a genuine discussion on the practical use of the
> internet, if you're going to hold that position?
> We quite literally went from me advocating the use of LastPass by the
> general public, to mitigate the damage of these types of (predictable)
> breaches, to you and Patrick going on about how either LastPass is
> lying, or working with the Government with a secret backdoor to all
> your passwords.
> I think we both realize that discussion has nowhere to go.
> I'll be clearer this time, so as not to seem selfish. I'm not telling
> anyone to shut up, but I'll remove myself from this thread unless
> directly responded to.
>> Before uploading a master key database to some kinda open internet
>> backup, I super-encypt with a gpg (which does get a lot of review).
>> Using a different key for the gpg step. I now I have a file which is as
>> good as it's *strongest* link, not weakest.
> You 'super-encrypt', eh?
More information about the ubuntu-users