16 Mar
2004
16 Mar
'04
4:42 p.m.
John Young <jya@pipeline.com> wrote:
Despite the long-lived argument that public review of crypto assures its reliability, no national infosec agency -- in any country worldwide -- follows that practice for the most secure systems. NSA's support for AES notwithstanding, the agency does not disclose its military and high level systems.
Nevertheless, given that the public has two options (disclosure or non-), it seems public review is as good as it gets. You're right, of course---don't put 100% trust in anything---but I think it's still reasonable to trust a publicly reviewed system more than a closed one. -- Riad Wahby rsw@jfet.org MIT VI-2 M.Eng