Re: TrueCrypt 4.0 Out
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 11/06/05
- Next message: David Wagner: "Re: TrueCrypt 4.0 Out"
- Previous message: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- In reply to: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- Next in thread: David Wagner: "Re: TrueCrypt 4.0 Out"
- Reply: David Wagner: "Re: TrueCrypt 4.0 Out"
- Reply: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 6 Nov 2005 22:30:49 +0000 (UTC)
Kelsey Bjarnason wrote:
>On Fri, 04 Nov 2005 21:49:04 +0000, David Wagner wrote:
>> That's exactly backwards. When choosing an information security
>> system, you should assume it insecure until proven secure. Doing
>> anything else leads to a very high risk of security breaches.
>
>So what system are you going to use? This leaves out any conventional
>system - RSA, for example - because they're not provably secure.
Probably the word "proof" is too strong. I would look for systems
where there is positive evidence for their security. We might not have
mathematical reason, but we have some reason to believe that RSA is
probably pretty good.
Probably the most important point I wanted to make, though, is that
absence of evidence of insecurity is not the same as evidence of security.
- Next message: David Wagner: "Re: TrueCrypt 4.0 Out"
- Previous message: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- In reply to: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- Next in thread: David Wagner: "Re: TrueCrypt 4.0 Out"
- Reply: David Wagner: "Re: TrueCrypt 4.0 Out"
- Reply: Kelsey Bjarnason: "Re: TrueCrypt 4.0 Out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
