----- Original Message ----- From: "R. A. Hettinga" <rah@shipwright.com> Subject: Re: Nullsoft's WASTE communication system
It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I wonder how *that* happened...
It should've been pulled for several reasons. The primary one being that it is basically worthless securitywise. It uses RSA PKCS#1 v1.5 (the one everyone seems to pick on, and always seems to find a way to be insecure), Blowfish which supplied a maximum of 150-some gigabytes before insecurity (birthday paradox), used PCBC which only serves one function and that's having the longest name. MD5 which should be retired. In short cryptographically it simply wasn't any good. Now if it was pulled bacause AOL decided to pull it, I don't have a problem with that. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com