Hi, On Thursday 17 July 2008 19:42:54 Oleg Goldshmidt wrote: > On Thu, Jul 17, 2008 at 3:29 PM, Noam Rathaus <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Some 2 cents > > > > == I am not affiliated with Mocana nor do I gain anything from writing > > this == > > > > Not sure if it helps, but another alternative is Mocana, I seen quite a > > few people/companies use it (Israeli), RAD is one of the names to comes > > to mind. > > > > Mocana is a complete package - i.e. gives you everything you need, SSL, > > SSH, etc, but the down side is it costs money. > > Hi Noam, > > And lean on storage, too. I am not sure it helps, for logistical > reasons, but thanks for the pointer. > > > But nothing since 2006 :) > > > > So I guess its ok, for the time being. > > > > I am not trying to say it is less/or more secure, but not having any > > public vulnerabilities in a product makes me jitter with fear :D, what is > > unknown scares me :) > > Is it really secure or just not used enough? ;-) > > Has DropBear (or LibTomCrypt) ever been audited? I'd think that you > would be one of those in the know... ;-)
I know OpenSSH has been extensively audited - and in turn found to be vulnerable - where as DropBear and libTomCrypt are less common, and in such less audited - however their code base is a lot smaller, making it "harder" for issues to hide in it. What I usually tell my customers, don't rely on obscurity to protect you, rely on response time - if an issue (security) arises address it as soon as possible with a patch, a firmware upgrade, etc, don't expect software developers to be flawless :) -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com "Know that you are safe." Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
