On 11/08/13 20:36, danimoth wrote: > On 11/08/13 at 01:10pm, Francisco Ruiz wrote: >> Twice again, privacy has taken a hit across the land. Lavabit and Silent >> Mail are gone, and to quote Phil Zimmermann, “the writing is on the wall” >> for any other encrypted email provider located in US territory. This is >> sure to be repeated for servers located in Europe and other countries. Is >> this the end of encrypted email? > > [cut] > > IMHO you are making big statements, taking a lot of risks, and a lot of > people's life on your back, as we're not playing here. Are you sure to > have big enough shoulder? > > First, it is in Javascript. Who needs cryptography, SHOULD NOT use > javascript. Google can help you ([1] for example, [2] if > you are coming from a 48h non-stop no-sleep marathon). > > Second, someone posted about your random number generator, and you > ignored it. But this is a minor problem, as all things are in > Javascript. > > Third, you use Javascript. But, wait, I need to sleep. Please stop > spamming an insecure-by-design product. >
I think you forgot to mention the design flaw that it implements crypto in javascript. > Last thing: People, please, use PGP instead of these circus things. > Hear, hear. I never bought this whole "users will never install software" "argument". Have you seen the sort of crap the typical non-technical user has installed? > > [1] http://www.matasano.com/articles/javascript-cryptography/ > [2] https://www.google.it/search?q=why%20is%20bad%20crypto%20javascript > > -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
