"actually, i think an honest look at the security/privacy mechanisms provided by today’s tools precisely describes a case where ‘a little better than awful’ would be preferred. my mother emailed me some bank account information just last week. there isn’t any exploit required there. security software experts have failed horribly to provide tools that actual living breathing human beings might use and this is why most of them have just given up and use hotmail.
i personally find it astounding that the kind of people who will deny this probably have an actual brand new credit card sitting in their unlocked mailbox and feel perfectly comfortable with this fact.
your information’s security is only as strong as its weakest link. this includes the locks on your home, your mailbox, and the granularity you shred your trash with."
This sentiment falls victim to the fallacy that something is secure because it should be secure. The commenter is right that the "security software experts" have failed to protect his mom. But JavaScript cryptography doesn't care. It's still insecure. Engineering is a spectacular douchebag, but it is in charge nonetheless.
Given the option between his mom sending it unencrypted, and encrypting it with an easy-to-use extension he set up for her, why not encrypt it? Surely it can't _hurt_ an already horrible situation?
Both of these options are worse than not mailing banking information at all. Both of them are worse than encrypting properly, which, in this mom's case, means installing PGP.
Yes, in this case, bad crypto can make a bad situation worse: it can create a false sense of security.
And in the general case, bad crypto does much worse things than that. Logging in without a password. Flipping bits in a cookie to become any user on the system. Gaining admin privileges. Spoofing authorities to collect secrets from users.
Bad crypto does not care how horrible your mom has it. Engineering says, bad crypto is going to be bad no matter how hurt your feelings are.
Link me to a well-written PGP tutorial that even normally experienced people can use with Gmail. Perhaps this would be more useful than all this JS Crypto.
I simply disagree on practical terms. If I have the choice between the two, I am going to make my mom encrypt it with this library. That doesn't mean I feel perfectly safe and secure about it, but I feel better than not having encrypted it at all. Much like using a car alarm - I know it cannot ultimately prevent someone from stealing my car, but it certainly weeds out all but the most persistent attackers.
Moreover, for noncritical things, like my example of fantasy football plans, this appears to be a perfectly reasonable solution.
http://rdist.root.org/2010/11/29/final-post-on-javascript-cr...