[stunnel-users] Three patches

Michal Trojnara Michal.Trojnara at mirt.net
Mon Jun 7 11:45:08 CEST 2010


Jason Haar wrote:
> IMHO I think you're over-engineering this. If that is the enemy you
> *have to* design against, then you shouldn't be using SSL - you should
> get yourselves a bunch of cryptologists and invent your own proprietary
> alternative like DRM products do - security-through-obscurity is
> probably your best friend... However if the bad guys have your
> equipment, then they can reverse engineer that too.

In my humble opinion as a cryptologist
(http://ehash.iaik.tugraz.at/wiki/StreamHash) and a penetration tester
(http://www.linkedin.com/in/mtrojnar) security-through-obscurity is your
worst enemy.  It is also *my* best friend, since I make a living by
breaking proprietary cryptographic protocols.  8-)

Mike



More information about the stunnel-users mailing list