On Fri, 16 Aug 2002, Adam Back wrote:
failure to realise this issue or perhaps just not caring, or lack of financial incentives to care on the part of software developers. Microsoft is really good at this one. The number of times they re-used RC4 keys in different protocols is amazing!
Don't forget schedule pressure, the overhead of bringing in a contractor to do crypto protocol design, and the not-invented-here syndrome. I think all of these contribute to keeping protocol design in-house, regardless of the technical skill of the parties involved. It takes a serious investment in time to qualify a consultant. If having the protocol right isn't a top priority, that investment won't be made...and I'd guess that designing a new protocol isn't common enough to merit a separate job/new hire in most organizations. -David