I'd rather geek out about CTR v CBC than harp on the scrypt recommendation. Cons... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on June 3, 2011 \| parent \| context \| favorite \| on: Insecurity in the Jungle (disk) I'd rather geek out about CTR v CBC than harp on the scrypt recommendation. Consider the scrypt thing a friendly style note. You wrote an article about a competitor's insecurities. When you do that, don't recommend they adopt your own cryptosystem unless (like CRI had to do with DPA countermeasures) they have to. Here, it just made you look unnecessarily petty. What privacy attacks were you thinking of? Call some of them out.

cperciva on June 3, 2011 [–]

Consider the scrypt thing a friendly style note.

Note taken. :-)

What privacy attacks were you thinking of?

Things like replacing files with malware.

tptacek on June 3, 2011 | [–]

Yeah, we were saying the same thing, I think, but you said it more clearly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact