this post was submitted on 10 Apr 2024
10 points (72.7% liked)

Cryptography

428 readers
1 users here now

cryptography (noun). The discipline concerned with communication security (eg, confidentiality of messages, integrity of messages, sender authentication, non-repudiation of messages, and many other related issues), regardless of the used medium such as pencil and paper or computers.

This community is for links about and discussion of cryptography specifically. For privacy technology more generally, use !privacy.

This community is explicitly not about cryptocurrency; see !crypto for that.

founded 3 years ago
MODERATORS
[email protected]
[email protected]
10
Web-based cryptography is always snake oil (www.devever.net)
submitted 4 months ago by [email protected] to c/[email protected]
4 comments fedilink hide all child comments
top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 4 months ago

What a brain-dead take. If your threshold for true safety is "literally no one can force you to decrypt it or affect the system in any way" then of course it's insecure, and so is everything else unless everyone writes their own crypto implementation yourself locally.

"oh I compile my binaries from source so I'm safe"

Someone could compromise the source repo and have it serve a compromised version to your machine. I guarantee you aren't reading the entirety of the open SSL source code before you compile it.

Anyone that takes this article seriously should read On Trusting Trust. It's a very short essay that states the point much more eloquently than the post author that you eventually have to trust someone. Whether that's Apple or Signal or some random maintainer of your crypto implementation library, you have to trust someone that it hasn't been backdoored.

[–] [email protected] 4 points 4 months ago (1 children)
  • A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

Preach

[–] [email protected] 1 points 4 months ago

NSA 👀

[–] prettybunnys 0 points 4 months ago* (last edited 4 months ago)

This kinda sounds like the many decades old argument for security domains and trusted paths

Just, not quite as well made and not nearly as well informed.

20 years ago this was a cromulent argument. Today it’s just narrow