Greg writes:
This falls somewhere in the land of beyond-the-absurd.
So, my password, iPoopInYourHat, is being sent to me in the clear by your
servers.
Repeat after me: crypto without a threat model is like cookies without
milk.
If you are proposing that something needs stronger encryption
John Denker writes:
It is against NSA policy to attach a thumb drive. I betcha some
folks really want to know how he did that without getting caught.
Take a mouse. Remove its own electronics. Substitute a Teensy 2 which
emulates a mouse AND a thumb drive, but only after a certain
combination
John Levine writes:
http://www.taugh.com/epostage.pdf
I would also point out that nothing is preventing anyone from
implementing their own epostage. Just send your email via a paypal
Send Money, accompanied with whatever postage you feel is appropriate.
No magic, no standards track epostage,
Damien Miller writes:
It protects against the common threat model of lost/stolen USB keys.
Remember, crypto without a threat model is like cookies without
milk.
--
--my blog is athttp://blog.russnelson.com | People have strong opinions
Crynwr sells support for free software | PGPok |
Dave Korn writes:
So by your exacting standards, PGP, gpg, openssh, in fact basically
_everything_ is snake oil.
No. In fact Aram is saying nothing of interest. Cryptography without
a threat model is like motherhood without apple pie. Can't say that
enough times. More generally,
Perry E. Metzger writes:
The following is a real email, with minor details removed, in which
J.P. Morgan Chase works hard to train its customers to become phishing
victims.
And no DomainKeys cryptographic signature?? You're right - for shame!
--
--my blog is at
[EMAIL PROTECTED] writes:
You and I are in agreement, but how do we get
the seemingly (to us) plain truth across to
others? I've been trying for a good while now,
reaching a point where I'd almost wish for a
crisis of some sort as persuasiveness is not
working.
We are probably
