Floppy recovery
Guy Sotomayor
ggs at shiresoft.com
Thu Jan 7 18:21:04 CST 2016
> On Jan 7, 2016, at 4:13 PM, Mouse <mouse at Rodents-Montreal.ORG> wrote:
>
>>> I don't trust the vendor's internal security to keep the key from
>>> leaking and I don't trust the vendor's HR security to prevent
>>> malware authors from making it to the inside, and I *sure* don't
>>> trust the vendor to resist a request from law enforcement [...]
>> I donâ¿¿t know if itâ¿¿s typical or not, but every company that
>> Iâ¿¿ve worked for that has managed crypto-keys has taken key security
>> *very* seriously.
>
> I find that easy to believe. However:
>
> (1) "[E]very company [you]'ve worked for" is almost certainly a heavily
> biased sample; if you have a tenth the clue you appear to, you
> would stay away from the dodgier ones.
Probably. ;-)
>
> (2) Taking key security seriously is a very different thing from being
> good at key security. (They probably correlate positively, but not
> nearly as strongly as one might wish.)
>
Agree. In the cases I’m aware of they do both. ;-)
TTFN - Guy
More information about the cctalk
mailing list