@bascule We gave penetration team all the source code, all the configs+passwords+keys, asked them to do their best. We still made mistakes
@schmerg if your system fails under public scrutiny you're violating Kerckhoffs's principle ;)
@bascule where were you when I was explaining this as an architectural principle to the management :) We should swap horror stories sometime
@schmerg crypto: you either get it or you don't, I think. The worst part is telling people who don't get it they're doing it wrong
@bascule I wouldn't claim to get it fully, beyond knowing that blindly slapping digital signatures & passwords on things won't suffice
@schmerg it's either right or it's not. if it's not right, fix it. that's the only way :|
@bascule Cheers & g'night - next time you're near London I'll be happy to buy you a beer and chat ...