On the heels of the BEAST exploit on TLS 1.0, I’ve prepared a helpful flowchart to assist future standards committees. You can click to enlarge.
Update: I felt bad that this post was a little snarky, so I’ve written another post in which I try to provide some constructive advice.
2 thoughts on “Should I use a non-standard encryption scheme?”
Haha… “I offered $50 on my website. No takers.”
Regarding using your own bad cipher to encrypt your own bad stuff, have you seen this? http://it.slashdot.org/story/11/04/01/0017214/Convicted-Terrorist-Relied-On-Single-Letter-Cipher
Ha, I hadn't seen that particular one, but it's par for the course. I have a friend who did a stint at the FBI in a group tasked with breaking the awful ciphers that gangsters and terrorists like to use. It sounded like fun.
That article has me totally interested in the Mujahideen Secrets 2 program that he /didn't/ use. Unfortunately the brief Googling I just did will probably get me on a terrorist watch list…
Comments are closed.