Hacker News new | past | comments | ask | show | jobs | submit login

While this milestone is wonderful, don't forget that it can't be decrypted for now. IMO we trust contemporary encryption algorithms too much, putting too much data through the wires that will only increase in value. We aren't at the end of the evolution either: we still don't have really secure random generators everywhere, we are still using key exchange methods that aren't quantum proof. And of course, computer programs (as well as hardware) still have security bugs.



Encryption is worthless without properly enforcing it. How easy is it to trick your victim's bank into granting you access with a SIM swap? We need 2FA everywhere and stop relying on SMS for authentication.


I agree that we need 2FA and that we shouldn't rely on SMS. That said, saying encryption is worthless because other threat vectors exist is a bit hyperbolic. Security is all about defense in layers. There's several orders of magnitude difference in the difficulty of performing a SIM swap attack vs sucking up passwords on coffee shop wifi.


It's not worthless. It shrinks the attack surface and makes attacks more costly to execute. There's always an arms race though :P


All banks should adopt U2F and hopefully sooner than later :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: