by spydum 1515 days ago
I was watching this just because it's fun to see bad implementations. I was totally caught off guard when the vendor presented their own view of the problem! Did not see that coming. Makes for a more interesting presentation IMHO (both sides of the issue, no finger pointing)!

Often we hear about how broken something is, very RARELY do you get to see the remediation action and decision making. Hats off to the guys at EncSecurity for stepping up to fix their issues AND sharing the lesson with the industry.

1 comments

It's also a pretty strong indictment of any sort of add-on file encryption software. HMACing files is out of scope and not the intention of the software and too difficult to implement to boot? Waiting for enough PBKDF2 rounds will annoy customers, when Microsoft Office products take multiple seconds in a splash screen to load? I am probably just spoiled by OSS/free software offerings.

It would be great if exFAT was not patent-encumbered and supported native encryption+integrity. ZIP archives at least provide cross-platform encryption+integrity with AES-256 but without block-level HMACs or encrypted file names. Maybe Windows will add support for ZFS someday?
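
Added illustration (not code from the talk, the vendor, or either commenter): a Python sketch of the block-level HMACs mentioned above, with the MAC key stretched by PBKDF2. The block size, iteration count and function names are assumptions, and `data` stands in for bytes that have already been encrypted.

```python
from __future__ import annotations
import hashlib
import hmac
import struct

BLOCK_SIZE = 4096            # assumed block size for this sketch
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the unlock-latency budget


def derive_mac_key(password: bytes, salt: bytes,
                   iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch the password into a 32-byte MAC key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def tag_blocks(key: bytes, data: bytes) -> list[bytes]:
    """One HMAC-SHA256 tag per block, bound to the block index and block count."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)] or [b""]
    total = len(blocks)
    # Binding (index, total) makes reordered or dropped blocks fail, not just edits.
    return [
        hmac.new(key, struct.pack(">QQ", idx, total) + block, hashlib.sha256).digest()
        for idx, block in enumerate(blocks)
    ]


def verify_blocks(key: bytes, data: bytes, tags: list[bytes]) -> list[int]:
    """Return the indices of blocks that fail verification ([] means intact)."""
    expected = tag_blocks(key, data)
    if len(expected) != len(tags):
        # Block count changed (truncation or extension): nothing can be trusted.
        return list(range(max(len(expected), len(tags))))
    return [i for i, (e, t) in enumerate(zip(expected, tags))
            if not hmac.compare_digest(e, t)]


if __name__ == "__main__":
    # Constructed sample: three distinct 4096-byte blocks standing in for ciphertext.
    key = derive_mac_key(b"constructed password", b"constructed-salt")
    data = b"".join(bytes([i]) * BLOCK_SIZE for i in range(3))
    tags = tag_blocks(key, data)
    flipped = bytearray(data)
    flipped[5000] ^= 1  # single bit flip inside block 1
    print("intact:   ", verify_blocks(key, data, tags))
    print("bit flip: ", verify_blocks(key, bytes(flipped), tags))
    print("truncated:", verify_blocks(key, data[:2 * BLOCK_SIZE], tags))
```

A real design would derive the MAC key separately from the encryption key and store the tags alongside the ciphertext.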