Yes I have some follow-up questions for you:
Did you ever end up getting a letter of attestation or public report from Fallible, just out of curiosity?
Are you able to determine whether any current users (and/or how many) are affected by ENT-01-001
(i.e. have weak passwords)?
ENT-01-002
is an interesting problem, I think that we would have to include a warning about it on the site because encryption strength is directly tied to password strength, so changing a weak password to a strong password would not increase encryption strength. This is particularly a problem for anyone that might be affected by ENT-01-001
of course. Am I correct in thinking that the only solution in this case would be to create a new ente account and re-upload?
What was Symbolic Software’s role in this? Did they have a separate report?
Overall though, I think ente is coming out of this looking quite good! @dngray you have been testing ente and liked it, right? I’m going to mark this as approved and we can start working on adding it to the site (I am thinking a new photo management providers page), but I’ll also wait for @vishnukvmd’s responses here to determine how exactly we’ll word the listing