Saturday, February 03, 2007

Don't Believe Everything you Read About Security

The Washington Post has a Q&A up that asks, "When I log into my Internet provider's Web-mail page, I don't see the usual lock icon. Isn't it dangerous to send a password over the Internet without encryption?" It then proceeds to tell people to fear sites that don't employ the little lock.

It's true, sending passwords over the public lines in clear text is asking for trouble. But that doesn't mean that the little lock is the only way to avoid it. In fact, that little lock costs a lot of money for websites to purchase (and repurchase, on an annual basis). But there are alternatives that are just as good. LegSim uses such a system, relying on basic cryptography and some intelligence. Just because a site doesn't choose to buy into the SSL certificate racket doesn't mean it can't be trusted.
