There is a cost to installing security, particularly at the higher levels of FIPS certification. Let no one dispute that.

But I consider the idea of allowing your passwords to flow over the wire in plaintext and allowing other information to flow in plaintext to be quite ridiculous.

The author suggests a false dichotomy: 2048-bit encryption (which algorithm? he doesn't say) or none.

There are a lot of complexities here that can be tuned for your business and its requirements. At least, if you can hire a competent security guy.




"There is a cost to installing security, particularly at the higher levels of FIPS certification. Let no one dispute that."

Completely agree. Which is why I say at the end of my original comment that security is "always a compromise." Put another way, you weigh the day-to-day cost of more hardware and man hours against the potential future cost of a serious security exposure.

Unfortunately most people are bad at calculating potential future costs. Which leads us to your second point about needing a good security guy. =]
