

Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach - tptacek
http://arstechnica.com/security/2015/02/why-even-strong-crypto-wouldnt-protect-ssns-exposed-in-anthem-breach/

======
ryansouza
_Encryption is a useful tool (and a fun research area), but like all tools, it
's only useful if properly employed. If used in inappropriate situations, it
won't provide protection and will create operational headaches and perhaps
data loss from mismanaged keys._

 _PCI is a useful tool (and a fun research area), but like all tools, it 's
only useful if properly employed. If used in inappropriate situations, it
won't provide protection and will create operational headaches and perhaps
data loss from check lists._

 _Concurrency is a useful tool (and a fun research area), but like all tools,
it 's only useful if properly employed. If used in inappropriate situations,
it won't provide protection and will create operational headaches and perhaps
data loss from lock contention._

 _AI is a useful tool (and a fun research area), but like all tools, it 's
only useful if properly employed. If used in inappropriate situations, it
won't provide protection and will create operational headaches and perhaps
data loss from Skynet._

 _Computers is a useful tool (and a fun research area), but like all tools, it
's only useful if properly employed. If used in inappropriate situations, it
won't provide protection and will create operational headaches and perhaps
data loss from solar flares._

------
tptacek
I don't actually agree with this article, but it's interesting, and Bellovin
is always worth paying attention to.

------
SlipperySlope
I am developing financial software and need to keep customer data and other
secrets secure against OS compromise. Servers will have keys stored in a
hardware tamper-proof USB. All such data will be strongly encrypted. When
possible, the data will be used in its encrypted format, and if required to
decrypt, the plain text will be transient within the program.

What am I missing?

