Cryptography

428 readers

1 users here now

cryptography (noun). The discipline concerned with communication security (eg, confidentiality of messages, integrity of messages, sender authentication, non-repudiation of messages, and many other related issues), regardless of the used medium such as pencil and paper or computers.

This community is for links about and discussion of cryptography specifically. For privacy technology more generally, use !privacy.

This community is explicitly not about cryptocurrency; see !crypto for that.

founded 3 years ago

MODERATORS

[email protected]

Web-based cryptography is always snake oil (www.devever.net)

submitted 4 months ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 4 months ago

What a brain-dead take. If your threshold for true safety is "literally no one can force you to decrypt it or affect the system in any way" then of course it's insecure, and so is everything else unless everyone writes their own crypto implementation yourself locally.

"oh I compile my binaries from source so I'm safe"

Someone could compromise the source repo and have it serve a compromised version to your machine. I guarantee you aren't reading the entirety of the open SSL source code before you compile it.

Anyone that takes this article seriously should read On Trusting Trust. It's a very short essay that states the point much more eloquently than the post author that you eventually have to trust someone. Whether that's Apple or Signal or some random maintainer of your crypto implementation library, you have to trust someone that it hasn't been backdoored.