Security ... think about it!
For example, is a SHA-256 hash of the user's password enough? Or do we need SHA-384? SHA-512, maybe? Would that really be any more secure? It's hard to know. And yet, all sorts of investment and deployment questions depend on the basic question "is the security good enough?" When similar products based on the SHA-3 family arrive, should we immediately scrap those based on SHA-2? Or can we continue using them happily until a natural replacement opportunity? Keep in mind, this is a USB drive we're talking about. One, single, small component. Replicate these questions, this complexity, throughout all of the other IT components--the disk drives, the network cards, the database engines, the application software, the everything--and you start to get an idea why security is so hard. The vulnerabilities can be anywhere, the complexities are everywhere. That's why we can't have nice security--at least, not with the simplicity and assurance we so crave.