Path: csiph.com!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail From: om@iki.fi (Otto J. Makela) Newsgroups: comp.sys.mac.misc,comp.misc,comp.sys.mac.system Subject: Re: Do you use a password manager? Followup-To: comp.sys.mac.misc,comp.misc,comp.sys.mac.system Date: Wed, 28 Jul 2021 10:52:04 +0300 Organization: Games and Theory Lines: 20 Message-ID: <87mtq6kh97.fsf@tigger.extechop.net> References: Mime-Version: 1.0 Content-Type: text/plain Injection-Info: reader02.eternal-september.org; posting-host="49c3dbd64a5301a69d4e660e9e25bad9"; logging-data="1415"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18afx/lObO3Cz/hElWj79v/" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) Cancel-Lock: sha1:r+0kovv7DztNzwrrZAb7CFZ/ps4= sha1:fKMhYPGPVukK/z3MDyk7OtaDpQM= X-Face: 'g'S,X"!c;\pfvl4ljdcm?cDdk<-Z;`x5;YJPI-cs~D%;_<\V3!3GCims?a*;~u$ wrote: > With the source code available for free, it also means the hackers can > more easily work out how to steal your information. Using open source > or hacked pirated versions for anything even remotely to do with > security is simply incredibly silly. "Hacked pirated" versions aside, security by obscurity never works in the long run. The security of cryptosystems should depend on things like your key management, not that nobody has got their hands on the source code. Widely used systems like openssl are open source and better for it, as they have open audits of how they are builts. -- /* * * Otto J. Makela * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 01001111 01001011 * * * * * * */