> From: Mike Small [mailto:[email protected]]
> Sent: Sunday, April 20, 2014 11:20 AM
> 
> How do you examine closed source crypto?

Actually, here's a real good point:  I did /not/ read the TrueCrypt or KeePass 
source, in order to determine their strengths and weaknesses.  I know from 
documentation and the interface, what standard crypto libraries they're using, 
what sources of random they are using, and how strong it all is.  I know 
they're storing ciphertext on disk, and the weak point of TrueCrypt is the 
password.

I know the weak point in Dropbox is the password.  They are using AES 256 
encryption at rest, which is strong, except for the fact that they know your 
password and therefore you have security *only* to the extent that all of their 
employees want you to, and haven't been hacked or coerced by the government, 
don't have any disgruntled former employees, etc.

I'm a fan of this "never give your password to anyone" idea.  As described in 
the "Good and Bad Crypto" thread.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
