> But you seem to claim that it isn't sound, which also isn't possible without an audit.
That's not quite true, right? If encryption was successfully broken, then you wouldn't need an audit. Even if it wasn't broken, there's still things like this: http://pthree.org/2012/02/17/ecb-vs-cbc-encryption/
That's not quite true, right? If encryption was successfully broken, then you wouldn't need an audit. Even if it wasn't broken, there's still things like this: http://pthree.org/2012/02/17/ecb-vs-cbc-encryption/