Floppy recovery

Guy Sotomayor ggs at shiresoft.com
Thu Jan 7 18:21:04 CST 2016


> On Jan 7, 2016, at 4:13 PM, Mouse <mouse at Rodents-Montreal.ORG> wrote:
> 
>>> I don't trust the vendor's internal security to keep the key from
>>> leaking and I don't trust the vendor's HR security to prevent
>>> malware authors from making it to the inside, and I *sure* don't
>>> trust the vendor to resist a request from law enforcement [...]
>> I donâ¿¿t know if itâ¿¿s typical or not, but every company that
>> Iâ¿¿ve worked for that has managed crypto-keys has taken key security
>> *very* seriously.
> 
> I find that easy to believe.  However:
> 
> (1) "[E]very company [you]'ve worked for" is almost certainly a heavily
>    biased sample; if you have a tenth the clue you appear to, you
>    would stay away from the dodgier ones.

Probably.  ;-)

> 
> (2) Taking key security seriously is a very different thing from being
>    good at key security.  (They probably correlate positively, but not
>    nearly as strongly as one might wish.)
> 

Agree.  In the cases I’m aware of they do both.  ;-)

TTFN - Guy




More information about the cctalk mailing list