lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41262587.3030307@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: RE: MS should re-write code
    with security in mind

Clairmont, Jan M wrote:

>Glenn:
>Not to take issue with the performance of encryption, but 
>what good is performance when it's all spent processing spam, malware, trojans, spyware and all the other cr*p that downloads.
>Even things like spybot, zone alarm etc. do not  prevent any
>of the junk that gets loaded thru mail and port 80, plus any other vulnerabilities that continually open up.
>
>  
>
An interesting cost benefit analysis of this would be to take the amount 
of bandwidth increase if people used encrypted/authenticated pipes as 
upposed to unencrypted/enauthenticated pipes just for mail (in this 
case) and compare that to the bandwidth lost in SPAM (only count spam 
that would be blocked by said authentication system) and see which comes 
out larger.

If the bandwidth consumption is less for the encryption, then you have 
your answer.

             -Barry

p.s.  I'm not sure where to start to get valid numbers on this.  Every 
scenario I've been able to think of in the time it took to write this 
e-mail has major methodological flaws.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ