Reply to post: Re: Does there need to be an obligation to "encrypt" ?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

just another employee

Re: Does there need to be an obligation to "encrypt" ?

It is very easy to throw bricks through windows here. What we really need is an expert to define some things....

..what encryption ? algorithm?, key length? protocols?

..and implementations that would actually use of the data that is encrypted ? - user access controls? key management security? multi-user access (in a world of web many users per one application is common you know)...

Just saying.

I am not defending Talk Talk as I do not know the full attack vector.

However,

Is it the drivers fault if the car manufacturer allowed a faulty batch of emissions control modules to be installed ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021