[Metalab] Recommended? Unseen - easy to use & secure communication
Michael Zeltner
m at niij.org
Fri Jan 10 12:57:28 CET 2014
On 10 Jan 04:55, Benjamin Klemencic wrote:
> Please let me know your opinion about https://unseen.is
Snakeoil. _Don't_ go there.
https://unseen.is/faq.html
"We were told by some very smart and connected people that users need to
generate and keep their own keys and that RSA and AES were no longer secure
enough."
Right, they spread FUD and then roll their own, specs unseen (by users)!
Because that's a great idea m( (Make it stop)
http://blog.unseen.is/2013/12/25/nsa-forces-replacement-of-rsa-encryption-ssl-is-next/
This is false. The leaks did not talk about RSA the algorithm but Dual_EC_DRBG
the random number generator, which the company called RSA made the standard RNG
in their commercial crypto library (which is very unlikely to be deployed in
software that you use at the moment). Other than that they talk about something
related to AES with 4096 bits - for symmetric encryption, that makes absolutely
no sense at all.
Currently, there's a simple set of rules for crypto/privacy related software
that is easyish to go by even for people that do not go into details what's
going on:
* Is it open source? Yay!
* It is hosted somewhere other than SourceForge? Yay!
* Does it have a horrible user interface or is in an unusable alpha/beta stage?
Yay! (Exception: Tor Browser 3.5)
I'll happily expand why this is the case (in a different thread). But at the
moment, the tools we have available are (more than) suboptimal, and there are
nice ones coming up, but it'll take a while. I'm sorry. But don't buy the
marketing shit.
Hth,
Michael
--
https://niij.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.metalab.at/pipermail/metalab/attachments/20140110/59389907/attachment.sig>
More information about the Metalab
mailing list