Should I use a non-standard encryption scheme?

On the heels of the BEAST exploit on TLS 1.0, I’ve prepared a helpful flowchart to assist future standards committees.  You can click to enlarge.

Update: I felt bad that this post was a little snarky, so I’ve written another post in which I try to provide some constructive advice.

2 thoughts on “Should I use a non-standard encryption scheme?

  1. Ha, I hadn't seen that particular one, but it's par for the course. I have a friend who did a stint at the FBI in a group tasked with breaking the awful ciphers that gangsters and terrorists like to use. It sounded like fun.

    That article has me totally interested in the Mujahideen Secrets 2 program that he /didn't/ use. Unfortunately the brief Googling I just did will probably get me on a terrorist watch list…

Comments are closed.