HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sixtiethutopia

no profile record

comments

sixtiethutopia
·2 ay önce·discuss
That's not what security through obscurity means. Security through obscurity has a specific meaning, it doesn't just mean to gain security by hiding anything it means to attempt to gain security by hiding how a system works.

ASLR is a well understood system that exploit writers know to expect and thus ASLR is not security through obscurity.
sixtiethutopia
·geçen yıl·discuss
It's email-compatible and uses pgp for encryption. No forward secrecy and supports sending unencrypted messages as well for people who don't have pgp.

No forward secrecy and will automatically switch to unencrypted messages if you receive an unencrypted message from a contact.

I wonder if it's vulnerable to downgrade attacks from adversaries falsifying the sending address. If an adversary sends an unencrypted email imitating a contact will delta chat reject it or will it silently switch the chat with that contact over to unencrypted email?
sixtiethutopia
·geçen yıl·discuss
This kind of "ethics" is common in many different areas.

For example in rock climbing there's no cheating, only lying.

There's nothing wrong with hangdogging a route (relying on the rope/gear to rest while ascending a route) but if you then tell people that you redpointed the route (climbed the route start to finish without relying on the rope/gear) then you're a liar.