= 27d567bc2d48d9f40e9ccc20ea370b15)
Nanashi comments on A pair of free information security tools I wrote - LessWrong
You are viewing a comment permalink. View the original post to see all comments and the full post content.
= 783df68a0f980790206b9ea87794c5b6)
Loading…= b715d02e85f7b3b4ae65ca3d3e450868)
Subscribe to RSS Feed
Powered by Reddit
= f037147d6e6c911a85753b9abdedda8d)
You are viewing a comment permalink. View the original post to see all comments and the full post content.
Comments (97)
Since someone seemed to take issue with this, I'll clarify: all the potential security flaws that we've discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool. Since I am ~100% confident that I did not, in fact, do this, I am not too concerned.
This is not true at all. Security flaws of a crypto tool are bugs which make it less secure than expected and which the author is typically not aware of. Software with a hidden malicious load is just a trojan (or malware in general).
Note that I said "all the potential security flaws we've discussed here". Not, "any possible security flaw."
This is precisely why I've been annoyed by the direction this thread has taken. If someone wants to talk about potential flaws specific to this tool, I'm all ears. But instead it's mostly been a discussion about all the different ways I could possibly slip a Trojan into this tool.
I don't believe I ever said anything like that.
You didn't. Sorry, I should have clarified. When I said "this thread" I meant "the comments in general" and not your particular reply.