CipherCloud Invokes DMCA To Block Discussions of Its Crypto System 85
New submitter brennz writes "Cryptographers on StackExchange were discussing CipherCloud, using some promotional material from the same to provide detail. CipherCloud responded with a DMCA takedown request that some have characterized as abusive."
We know how good CipherCloud is (Score:5, Interesting)
Re:back up again (Score:5, Interesting)
There is no copyright "right" that is any equal to Human and Civil rights - including those of free speech.
There are two broad categories I like to use in describing laws and their application. Oppressive and Protective.
Oppressive law is mandated for the establishment and defence of Power.
Protective law seeks the institution and restoration of Justice.
DMCA is a prime example of oppressive law - and how tricky this distinction can be, as it masquerades itself as a measure for the protection of some natural right. In this case, the "rights" protected are - of course - merely a concession managed by the state, enacted through legislation and constitution.
Re:Security credibility DEPENDS on peer review (Score:4, Interesting)
Allow me to let you in on a secret: A good portion of people writing "security" software don't really understand it either. You can tell when you review it. There is a fair lot of cargo cult programming going on, coupled with the use of libraries without first reviewing them or understanding their inner working or at least knowing to what degree it is self-sealing or how far you have to sanitize the input. This by itself is not yet a huge problem, as long as the libraries themselves work flawlessly, they are well and completely documented (and that documentation actually gets read) and they are being used correctly. And those things are more often than not a real problem.
Now couple this with programmers using a lot of copy/pasting to get their programs written, often from rather dubious and not reviewed sources (you know the kind, where self proclaimed experts exchange their ideas what programming is like...), possibly copying snippets that were by no means MEANT to be secure or sanitized, and I guess I needn't go into detail.
Slight nuance (Score:4, Interesting)
Cryptographics? In a few hours I could conjure up cryptographic algorithms, which encrypt text in a way I could not decrypt myself in a 1000 years. Too bad I can never be sure that a cryptographic expert could read my encryption almost like plain text. Odds are that exactly something like that would happen.
You have a healthy respect for cryptography, and that's good. However, I will point out that many standard crypto algorithms have test suites. If your crypto implementation yields the expected result for all the test cases, then you can be reasonably certain that your implementation is correct rather than having self-canceling bugs on encrypt/decrypt.
However, then you have to ask yourself *why* you are reimplementing a standard crypto algorithm when there are multitudinous well-tested libraries available for such.
Of course, this neglects implementation concerns like timing attacks, improperly secured key material, etc... which one would hope that the standardized, well-tested implementation libraries have already addressed insofar as possible.
Re:back up again (Score:3, Interesting)
Adding CipherCloud on blacklist of non-recommended products/companies for my clients. Point. Issue closed at....