TechNews

4392 readers

1 users here now

Aggregated tech news.

founded 2 years ago

MODERATORS

[email protected]

[HN] Web-based cryptography is always snake oil (www.devever.net)

submitted 2 years ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

[ comments | sourced from HackerNews ]

you are viewing a single comment's thread
view the rest of the comments

[–] UniDestroyer 1 points 2 years ago

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

Therefore, the implementation distributor cannot be secured against?

Isn't the only defense for this an open source implementation?

If so, isn't Signal doing everything it can?

I get the attack on Lavabit and Protonmail because the implementation is downloaded transparently and often, however Signal's distribution model can be explicit by disabling auto updates, and you can produce the same binary locally.

In summary I think Signal is much better than Lavabit/Protonmail and putting them in the same bucket is disingenuous.