|
|
|
|
|
|
by huhtenberg
5533 days ago
|
|
|
If you publish security spec and adhere to it in a way that allows independent verification of its implementation, then - yes, you will convince that what was claimed is true. Perhaps, the easier route for you would be to just drop the whole "encrypted" angle and simply state that you provide reasonable protection of files while in transit and in your possession. That would satisfy 99.9% of real users and it will not rub cryptographic pedants the wrong way. The issue at hand is not that you don't encrypt properly, but that you over-promised, and over-promised in a very sensitive area. (correction) "over-promised" = "implied more than what was said", i.e. what Miguel referred to as "wishy-washy statement". |
|
|