Hacker News

Even if I were to accept your logic, what's ridiculous about that?



Open sourcing the crypto code wouldn't be ridiculous, but pointless.

What I find ridiculous though was

> vendors that don't agree to an audit should be considered insecure

The same thing applies to every single part of the application, but not equally. No attacker is going to start out by trying to break the crypto, unless it's obviously broken. "Normal" bugs are far more common and often more dangerous (Think RCE, or in the case of many modern apps: XSS).


> No attacker is going to start out by trying to break the crypto, unless it's obviously broken.

Emphasis mine. I agree with ryanlol here. Why bother with active attacks when you can just steal their private key from a code execution?

Similar to this, but with the priority flipped:

https://www.bishopfox.com/blog/2016/04/if-you-cant-break-cry...



