retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks “all the data is encrypted?” In the second, the goose chases a person, asking “encrypted how and with whose keys, motherfucker?”

@196

  • pohart
    link
    fedilink
    arrow-up
    98
    ·
    1 year ago

    I once had to work with a government agency that insisted they generate and provide my private key.

    • 8ace40
      link
      fedilink
      arrow-up
      28
      ·
      1 year ago

      I’m migrating millons of encrypted credit cards from one platform to another (it’s all in the same company, but different teams, different infra, etc).

      I’m the one responsible for decrypting each card, preparing the data in a CSV, and encrypting that CSV for transit. Other guy is responsible for decrypting it, and loading it into the importer tool. The guy’s technical lead wanted me to generate the pair of keys and send him the private key, since that way I didn’t have to wait for the guy and “besides, it’s all in the same company, we’re like a family here”.

      Of course I didn’t generate the key pair and told them that I didn’t want to ever have access to the private key, but wow. That made me lose a lot of respect for that tech lead.