threadreaderapp.com
4 votes fc — 4 votes, 4 commentsSource

wow what a Fuck up. I used 7z before with encryption because the compression is quiet good and many platforms support it. But an IV with do many zeros is kinda weird in itself. it’s really easy to get good entropy.

It’s easy to get good entropy because there are libraries available, but good entropy is not really that easy to generate. We wouldn’t have so many sidechannel attacks otherwise.

I understand this is a rant, but the way this post is written makes me want to talk less and less with those cryptonerds.

how dare someone speak sardonically about the wonderful state of security in the software industry!