Is this encryption method secure?
1 minute ago, JacobFW said: But there's also the PR factor. It's bad enough trying your damnedest to design a program to be secure and releasing it to the public, only for hackers to start finding bugs in it. If you release a product to the public with a known and critical security flaw, it will be found and it will utterly destroy, not just your company, but your own name, and your career in the security industry is over.
Actually disagree with you here. Mostly because OP seems to be focussed on building a program which has "good enough" security, not a program that is "secure"; otherwise this would be a terrible place to post to.
And in fact MITM attacks are so powerful that the only way to get around them is 2-factor authentication.
Speaking of which, a possible other solution that can be done with moderate effort and is not terribly inconvenient is either using email as a second factor (as is so common in the industry) or, much better, sending an SMS to a mobile phone number set up at registration.
However, this is still vulnerable to an MITM attack at signup, but hey, if someone can do that, they can do pretty much anything.