Thus spake Tyler Durden (camera_lumina@hotmail.com) [11/04/06 22:03]: : That being the case, then using ANY crypto for popular apps is better than : (and not equal to) nothing. Half-assed crypto is not necessarily better than no crypto. Let's say that the crypto in Skype turns out to be a load of bunk (hey, it could happen). How many people won't find out? How many will continue to believe it's okay? How many people will be bitten? And, perhaps most importantly, how many people won't care? Easily broken crypto, that is not advertised as such, is arguably worse than no crypto: people do things under the illusion they're safe, when they aren't. Take WEP as an example of this: 'twould have been better to just not have it at all, and have people focus on using 'proper' technologies (IPSec, OpenVPN, etc.) than to include it and give people a false sense of security. : arguments that "they can break anything so why bother" are : counterproductive at best and suspicious at worst. And even if they /could/ break anything, it still takes time, right? Throw enough data their way, and they're suddenly unable to break everything.