Showing posts from January, 2015

Don't Build Your Own Security Solution!

There are only three reasons why building your own security solution is a good idea:

1. Security through obscurity - There's less likelihood that anyone will find the holes because no-one else is using it. This is just as well since your home-grown solution is probably riddled with them (see below).
2. Risk v Cost - You've weighed the risk, baulked at the cost and decided the benefits aren't affordable.
3. You're unique! - Some organisations may be unique and/or have unique problems for which there is not an off-the-shelf solution. You may be NASA or a top secret government department, or you could be one of the big internet organisations operating at the edge of technology and scale (fb, Google or the like) or it may just be your business to develop security products.

It's a fair bet that #3 doesn't apply to you and if you think the costs are too high then I suspect you've not really understood the problem. There are many reasons why you shouldn't build y

ECB Mode Encryption Deficiencies Explained

For the record, I'm not sure where the original came from, but there's a copy on Stack Exchange, "Why shouldn't I use ECB encryption", and the ECB penguin clearly has history, as noted on PyTux ...