-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 28, 2013, at 5:24 PM, Kevin W. Wall <[email protected]> wrote:
>
> All excellent, well articulated points. I guess that means that
> RSA Security is an insane company then since that's
> pretty much what they did with the SecurID seeds. Inevitably,
> it cost them a boatload too. We can only hope that Apple
> and others learn from these mistakes.
No, RSA was careless and stupid. It's not the same thing at all.
SecurID seeds are shared secrets and the authenticators need them. They did
nothing like what we were talking about -- handing them out so the security of
the device could be compromised. They kept their own crown jewels on some PC on
their internal network and they were hacked for them.
>
> OTOH, if Apple thought they could make a hefty profit by
> selling to LEAs or "friendly" governments, that might change
> the equation enough to tempt them. Of course that's doubtful
> though, but stranger things have happened.
Excuse me, but Apple in particular is making annual income in the same ballpark
as the GDP of Ireland, the Czech Republic, or Israel. They could bail out
Cyprus with pocket change.
If you want to go all tinfoil hat, you shouldn't be thinking about friendly
governments buying them off, you should be thinking about *them* buying their
own country.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1
wj8DBQFRVPGKsTedWZOD3gYRAmKzAKDkD8/myOnUQjpSQzohZ7i3OqC6QwCeJ69T
e81n4nVL+KTK7g72TLMeHow=
=JqMQ
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
