The assumption that "having cracked a cipher" leads to "can make lots of money from the break" is one held mostly by those who have never attacked real systems, which have evolved with lots of checks and balances. The very best way to make money from cracking ciphers seems to be to patent the break, and the fixes, and then consult to those who use the cipher, because they need your expertise to fix their systems. P. may have a patent on this method. Adam On Sun, Jun 01, 2003 at 07:05:44PM -0400, Scott Guthery wrote: | Suppose. Just suppose. That you figured out a factoring | algorithm that was polynomial. What would you do? Would | you post it immediately to cypherpunks? Well, OK, maybe | you would but not everyone would. In fact some might | even imagine they could turn a sou or two. And you can | bet the buyer wouldn't be doing any posting. With apologies | to Bon Ami, "Hasn't cracked yet" is not a compelling security | story. | | Cheers, Scott | | -----Original Message----- | From: Rich Salz [mailto:rsalz@datapower.com] | Sent: Sun 6/1/2003 6:16 PM | To: Eric Rescorla | Cc: Scott Guthery; cypherpunks; cryptography@metzdowd.com | Subject: Re: Maybe It's Snake Oil All the Way Down | | | | > There are a number of standard building blocks (3DES, AES, RSA, HMAC, | > SSL, S/MIME, etc.). While none of these building blocks are known | > to be secure .. | | So for the well-meaning naif, a literature search should result in "no | news is good news." Put more plainly, if you looked up hash and didn't | find news of a SHA break, then you should know to use SHA. That assumes | you've heard of SHA in the first place. | | Perhaps a few "best practices" papers are in order. They might help | the secure (distributed) computing field a great deal. | /r$ | -- | Rich Salz Chief Security Architect | DataPower Technology http://www.datapower.com | XS40 XML Security Gateway http://www.datapower.com/products/xs40.html -- "It is seldom that liberty of any kind is lost all at once." -Hume