I don't trust the vendor's internal security to keep the key from
leaking and I don't trust the vendor's HR security to prevent
malware authors from making it to the inside, and I *sure* don't
trust the vendor to resist a request from law enforcement [...]
I don't know if it's typical or not, but every company that
I've worked for that has managed crypto-keys has taken key security
*very* seriously.
I find that easy to believe. However:
(1) "[E]very company [you]'ve worked for" is almost certainly a heavily
biased sample; if you have a tenth the clue you appear to, you
would stay away from the dodgier ones.
(2) Taking key security seriously is a very different thing from being
good at key security. (They probably correlate positively, but not
nearly as strongly as one might wish.)
/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse at rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B