
> Can you show it's actually encrypted?

When someone asks a question like this, they're not literally asking you to show them it.

They just want an expert to confirm that they could show it, so they can check off their box for due diligence.

Congratulations. You were the expert.




I would frame it more like this:

"Can you show it's actually encrypted?"

Yes, we ensure that the data is only available via TLS foo.bar with encryption algorithm baz, which is on the approved list. We have monitoring and logging that ensure that we receive an alert if the port the app is on is not encrypted, and if you'd like we can dump the traffic to show you that there is no clear text available.

Further, only users on the approved admin list can make a change or deploy to production, or log in to the server as root. Moreover, we do a background check on employment for all users who have admin access, and all deployments and code changes require at least one other employee to approve them, and we log who they were, and what the change was.


Cool, you have added more word salad. The people ticking the checkbox have tuned out after half of the first sentence, _that_ was the point.


It's encrypted in flight with TLS, and on the back end it's encrypted with the retro-encabulator, with AES 512.


Have you done this in real life? I have....



