On Sat, 21 Feb 2009, Peter Gutmann wrote:
This points out an awkward problem though, that if you're a commercial vendor and you have a customer who wants to do something stupid, you can't afford not to allow this. While my usual response to requests to do things insecurely is "If you want to shoot yourself in the foot then use CryptoAPI", I can only do this because I care more about security than money. For any commercial vendor who has to put the money first, this isn't an option.
That's not entirely true -- even commercial vendors have things like ongoing support to consider, and some customers just cost more money than they're worth. cheers! ========================================================================== "A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now." --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
