[147796] in cryptography@c2.net mail archive
Re: [Cryptography] "Death Note" elimination for hashes
daemon@ATHENA.MIT.EDU (Pat Farrell)
Mon Oct 21 23:40:38 2013
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
Date: Mon, 21 Oct 2013 21:13:36 -0400 (EDT)
From: pfarrell@pfarrell.com (Pat Farrell)
Cc: pfarrell@pfarrell.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/21/13 6:06 PM, Jerry Leichter wrote:
> Sorry, but hardly anyone will read this; most of those that do won't really
> understand what it means; and, in general, it will just piss users off.
> You broke the Internet for them. All this verbiage doesn't make it any better.
>
> Security is important, but the fact is that if you *ask* people whether they would
> choose to be locked out of their on-line banking accounts for some indefinite period,
> or be able to access their account at some small risk, you'll find hardly
> anyone who wants to be locked out.
It is only important for folks on this list and a tiny percentage of the world's users.
We learned this the hard way at CyberCash in the 90s. We used RSA and DES and serious
protocols. Paypal was convenient. Their security was a joke. CyberCash folded before
the dot.boom. Paypal made billionaires out of its founders. Which led to the security team
coining a rule: Consumers want convenients, not security.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
