Well, it seems to me that there are two things we are protecting here:

1. The privacy of users' reading habits. This is likely of interest
   only to governments, whose powers of stealth and coercion are so
   vast that they wouldn't bother with trying to break our
   encryption.

2. Users' logon credentials. Given the depressing statistics on how
   many people use the same password for everything, this would be of
   interest to medium-scale criminal enterprises, who probably
   *would* find it worthwhile to attack weaker crypto.

So I would say that a public repository should nevertheless employ
reasonably strong crypto. We need to balance security against
accessibility, and our threat model is different from that facing a
payment card system or a military C3I network or an industrial control
system.

--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

