by pnathan
5612 days ago
There is a cost to installing security, particularly at the higher levels of FIPS certification. Let no one dispute that. But I consider the idea of allowing your passwords to flow over the wire in plaintext and allowing other information to flow in plaintext to be quite ridiculous. The author suggests a false dichotomy: 2048-bit encryption (which algorithm? he doesn't say) or none. There are a lot of complexities here that can be tuned for your business and its requirements. At least, if you can hire a competent security guy.

Completely agree. Which is why I say at the end of my original comment that security is "always a compromise." Put another way, you weigh the day-to-day cost of more hardware and man hours against the potential future cost of a serious security exposure.
Unfortunately most people are bad at calculating potential future costs. Which leads us to your second point about needing a good security guy. =]