by paulpauper 2704 days ago
It seems every few months we hear a story about something which is supposed to be secure not actually being secure or secure as expected.

Someone should make a bug bounty for all the major encryption programs, 7zip, WinZip, etc. Allocate 5 or so encrypted bitcoin private keys (with brute-force resistant passwords) for each program and see how long it lasts, with the public keys made public so people can verify the status. If zip's bounty has lasted years, then it's reasonable to assume it's safe.

2 comments

Not exactly the same, but the EU has commissioned audits and just started a bug bounty program on some important open source projects.

https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

Cryptography doesn't quite work that way. Just because recovering cleartext is not feasible in some specific case does not make a cryptosystem secure in general.
In fact, that's basically what Telegram did with their impossible "crypto contests": provide a specific attack scenario, promise lots of money to break that (impossible) scenario, and then claim that it is secure against all possible attacks.

That seems interesting. Do you have any links explaining the situation?