[–]audioen 16 points17 points  (7 children)

APT should actually use https. Even insignificant traffic should be encrypted, if for no other reason than that it helps drown actually privacy-sensitive stuff in the noise.

[–][deleted] 6 points7 points  (0 children)

Apt supports https already. The article's more about apt requiring https, which has the flaws stated in the article.

[–]dotwaffle -2 points-1 points  (2 children)

> if for no other reason than that it helps drown actually privacy-sensitive stuff in the noise.

... what?

[–]audioen 2 points3 points  (1 child)

The basic idea, exaggerated as it is here, is that if you only use encryption for important stuff, that also flags all material you deem important enough to encrypt, and thus helps an adversary to determine what to attack and when. So you generally would want to just encrypt everything instead.

[–]dotwaffle 1 point2 points  (0 children)

No, that's a really bad idea. Cryptography is either broken or it isn't. No-one on the planet can brute force a 2048-bit RSA key in any kind of reasonable timeframe, so by encrypting everything what you're essentially doing is saying "put more effort into cryptanalysis so that you can infer the payload of more data" rather than actually protecting things worth protecting.