-----BEGIN PGP SIGNED MESSAGE----- In <3.0.5.32.19971229094401.007a7570@otc.net>, on 12/29/97 at 12:44 PM, David Honig <honig@otc.net> said:
At 11:12 AM 12/26/97 -0600, William H. Geiger III wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
In <Pine.SUN.3.96.971226114446.17857A-101000@beast.brainlink.com>, on 12/26/97 at 11:45 AM, Ray Arachelian <sunder@brainlink.com> said:
Now this is interesting! :) (Either that or JA is smoking crack... - no idea on JA's reputation capital though...)
Well to be honest anyone who would trust the M$ crypto API get what they deserve.
Is this just random MS-baiting or do you have a real point re the API?
The API describes an interface to things you'd need for a cryptosystem. I believe it is up to implementors to instantiate the functions appropriately.
1. The sorce code for the crypto API is not available for peer review. I would not recomend using any crypto API where I was unable to review if it performend as advertised. 2. If one does not have the ability of peer-review then one must rely on trust. Through past actions MS has shown to be an untrustworthy company (IMHO trust is not a sufficient replacement for peer review). 3. The MS crypto API can not be modified nor replaced. Export version of the MS API contain only export apporved algrothms of export approved strength. I think the 3 reasons above should be sufficient reason not to use the API. This is not soly an attack against M$. The same argument can be used against SUN, IBM, RSADSI, Lotus, ...ect. I wouldn't trust any of them to tell me that water was wet let alone tell me that their crypto API's were secure. No Code = No Trust!! - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNKfqxI9Co1n+aLhhAQFf9gP/e3gdjHaiRPcZeeSHJj/zaOF2On3EncPR kfvuVL83zoa2MzBeMaQAskkXn+j4B7mDPBKhbn6tbK5da7JXgvZxEFPTc3WIaxMk Y9KIZLHmzSbQZGQn/pKD+63Naw6apZMaNLM8i2cEhuGbavURXLl5lSnnVsSgIVCk RD5FIhr9vQU= =TwPk -----END PGP SIGNATURE-----