On 11/04/14 09:41, ario wrote: > On Thu, 10 Apr 2014 19:04:27 +0200 > Pongrácz István <pongracz.ist...@gmail.com> wrote: > >> > What if they implemented this "feature" to be able to get information >> > without trace? :)))) > Then they would have succeeded spectacularly with us thinking "there is > a bug" in OpenSSL. > > My preferred beckup encryption scheme still would be the One Time Pad > (OTP) as it seems really unbreakable, if it were not for the recurrency > in the problem of: "Where do I backup the OTP itself, and how do I > encrypt it?" >
Heartbleed isn't a problem with the encryption though; the encryption didn't get broken. Any protocol could probably potentially suffer from a buffer overflow due to a bug in the software. Given this one leaked info from the server process, who's to say it wouldn't leak your one-time pad? Richard ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Ledger-smb-users mailing list Ledger-smb-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
