> It would have been much more useful for a neutral party to do a comparative analysis and stated the pros and cons of each side.
And what would this neutral party be?
> As for me and most normal users, the security we need is not from NSA type of snooping but from mid level risks. There may be some sacrifices that may have to be made. Just like the position Ubuntu plays where Linux distros are concerned
You make it sound as if having government-grade encryption was very hard or very costly but that's obviously not the case, there are many open encryption standard who wouldn't have had the kind of issues Telegram has. Do you want to start a new contest targeting a properly configured openSSH for instance? There is no need for tradeoff there.
> I remember when cperciva that built Tarsnap, an online "backup for paranoid users" launched, he was rather confident in his product and I did not see any intense bashing of him. As expected,there have been bugs in his system and he has fixed them as they have arisen.
Colin Percival has credentials and experience in the cryptoworld. When he makes "new" crypto like scrypt he publishes it and it's been thoroughly reviewed. It also has distinct advantages over previous technologies, it's not just new for the sake of being new.
Crypto is serious business, people can get hurt. Toying with crypto, proposing new ideas is of course to be encouraged, but be humble about it and listen to the feedback. Actually, this last part is true for everything.
> Colin Percival has credentials and experience in the cryptoworld. When he makes "new" crypto like scrypt he publishes it and it's been thoroughly reviewed. It also has distinct advantages over previous technologies, it's not just new for the sake of being new.
He also, AFAICR, did not appear over confident, he was clear in delineating what his application does and does not protect against, and what his goals are (that is one reason why he deserves these crypto credentials).
He published his entire source code.
And when he launched a contest, it was in the form of a bug bounty, he accepted any kind of bugs (up to and including spelling errors in his code comments :) ).
> It would have been much more useful for a neutral party to do a comparative analysis and stated the pros and cons of each side.
And what would this neutral party be?
> As for me and most normal users, the security we need is not from NSA type of snooping but from mid level risks. There may be some sacrifices that may have to be made. Just like the position Ubuntu plays where Linux distros are concerned
You make it sound as if having government-grade encryption was very hard or very costly but that's obviously not the case, there are many open encryption standard who wouldn't have had the kind of issues Telegram has. Do you want to start a new contest targeting a properly configured openSSH for instance? There is no need for tradeoff there.
> I remember when cperciva that built Tarsnap, an online "backup for paranoid users" launched, he was rather confident in his product and I did not see any intense bashing of him. As expected,there have been bugs in his system and he has fixed them as they have arisen.
Colin Percival has credentials and experience in the cryptoworld. When he makes "new" crypto like scrypt he publishes it and it's been thoroughly reviewed. It also has distinct advantages over previous technologies, it's not just new for the sake of being new.
Crypto is serious business, people can get hurt. Toying with crypto, proposing new ideas is of course to be encouraged, but be humble about it and listen to the feedback. Actually, this last part is true for everything.