Nanashi comments on A pair of free information security tools I wrote

Nanashi 16 Apr 2015 19:59 UTC
−1 points
I’m not going to lose any sleep over that, at least with regard to the PGP tool.
- Nanashi 18 Apr 2015 19:46 UTC
  0 points
  Parent
  Since someone seemed to take issue with this, I’ll clarify: all the potential security flaws that we’ve discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool. Since I am ~100% confident that I did not, in fact, do this, I am not too concerned.
  - Lumifer 19 Apr 2015 2:04 UTC
    −3 points
    Parent
    
    all the potential security flaws that we’ve discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool
    
    This is not true at all. Security flaws of a crypto tool are bugs which make it less secure than expected and which the author is typically not aware of. Software with a hidden malicious load is just a trojan (or malware in general).
    - Nanashi 19 Apr 2015 3:41 UTC
      4 points
      Parent
      Note that I said “all the potential security flaws we’ve discussed here”. Not, “any possible security flaw.”
      
      This is precisely why I’ve been annoyed by the direction this thread has taken. If someone wants to talk about potential flaws specific to this tool, I’m all ears. But instead it’s mostly been a discussion about all the different ways I could possibly slip a Trojan into this tool.
      - Lumifer 19 Apr 2015 5:33 UTC
        1 point
        Parent
        
        But instead it’s mostly been a discussion about all the different ways I could possibly slip a Trojan into this tool.
        
        I don’t believe I ever said anything like that.
        Nanashi 19 Apr 2015 11:54 UTC
        2 points
        Parent
        You didn’t. Sorry, I should have clarified. When I said “this thread” I meant “the comments in general” and not your particular reply.