Ubuntu Forums - FYI
Kent Borg
kentborg at borg.org
Wed Jul 24 12:47:18 UTC 2013
On 07/24/2013 06:02 AM, Sajan Parikh wrote:
> If you are theorizing that AES has any sort of 'backdoor' so that the
> secret Government bad guys with their black helicopters can knock on
> LastPass's door and gain access to your Twitter account...that's
> ridiculous thing I've heard and am counting you as a troll at this point.
AES is probably really good. But if I slap an "AES!" sticker on my
product, it doesn't mean my product is any good. I might be a cheat and
a liar, or I might be incompetent with cryptography. Why should you
trust my close-source product?
And even with open source, has there really been much auditing of the
code? By really good crypto reviewers? Maybe. So even open source I
treat with great care.
Before uploading a master key database to some kinda open internet
backup, I super-encypt with a gpg (which does get a lot of review).
Using a different key for the gpg step. I now I have a file which is as
good as it's *strongest* link, not weakest.
> /rant - Agree that this thread should die.
Putting that at the *end* of a long post? Oh, how selfless. "Everybody
listen to *me* and then let's all shut up."
Questions of online security and password management--and even whether
passwords can be safe at all--are rather topical questions with very
non-obvious answers. It is naive to pretend this is like an infinite
argument over emacs vs. vi. Security is hard. It isn't done yet.
-kb
More information about the ubuntu-users
mailing list