[Discuss] Good and Bad Crypto
Richard Pieri
richard.pieri at gmail.com
Sun Apr 20 11:29:50 EDT 2014
Edward Ned Harvey (blu) wrote:
> Anyone following the AeroFS thread knows I just wrote a bunch about
> good and bad crypto, with particular emphasis that the quality of
> crypto is not strongly correlated to the code being open or closed
> source.
Indeed. The Heartbleed fiasco is a perfect example of how being open
source does not magically make the code "better". As you wrote
previously, it's not the quantity of eyes looking at the code, it's the
quality of those eyes.
I like how AeroFS and BTSync handle things. Even if the encryption is
weak or flawed they never store any of the data. A master key is of
little use to an attacker if he can't get his hands on the lockbox.
--
Rich P.
More information about the Discuss
mailing list