nationwide interception of Facebook & webmail login credentials in Tunisia

Ian Batten igb at batten.eu.org
Mon Feb 7 13:28:33 GMT 2011


On 07 Feb 11, at 1043, Brian Morrison wrote:
> 
> I find that most people I speak to in the pub struggle to understand
> much of this at all, they can just about grasp that they should be
> looking for a padlock symbol when they are banking or shopping online
> but try to delve any deeper into their knowledge and one gets a blank
> stare.

I think the problem is that the focus in the 1990s was on encryption: there was a real fear (although whether it was based on real risk) of interception of sensitive data in flight.  We now know that the real issues are twofold: impersonation (which requires certificates to work properly, rather than just transient transport encryption) and data at rest issues (for which SSL is an irrelevance).  Unfortunately, both are harder to solve and harder to communicate than mere key length.

ian




More information about the ukcrypto mailing list