-----BEGIN PGP SIGNED MESSAGE----- J. Michael Diehl <uunet!triton.unm.edu!mdiehl> writes:
Even as a former 'hacker' myself, the second to last person I would trust not to install a backdoor (next to the NSA) is a hacker.
Are you meaning to imply that there is a backdoor in this package? If so, how do you justify this claim?
It seems safer to assume that the software is insecure, until proven otherwise. This is the approach that's been taken with the Clipper chip, and seemed reasonable in that case - I suggest that it is in this case, as well.
In addition, merely having been a systems hacker hardly qualifies one for writing complex crypto software. Without any assurance as to the authors' qualifications for writing a crypto package, or their integrity. Even if I could trust their integrity, I'm very leery of black-box software.
You seem to know something about them that I do not. Care to share your knowledge? Thanx in advance.
Rather, the original poster (Clark Reynard) seems to *not* have information - e.g., information about how or why the author(s) of this crypto package are trustable, or why we should consider their software secure if we can't look at the source. If they are so naive as to think that the NSA can't afford a copy of Sourcer and a few person-hours to disassemble VinCrypt, what other (absurd) assumptions have they made? If a machine can execute it, a machine (or a machine and a person) can disassemble it. I can't believe that anyone's willing to take this VinCrypt crap even a little bit seriously. Any dork with a laser printer can print up a press release and mail it out - looks like maybe this was a slow week for the computer press. As far as I can tell, we're supposed to assume that VinCrypt is useful software because of the political/social perspective of its authors. While I share their suspicion of the powers that be, I do not trust them to write software that is free of intentional and/or nonintentional weaknesses. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLARuSX3YhjZY3fMNAQESdQP+LP7jdBJLzvzDItehb4Lwwwch9Wi1LfS6 5pvPd/+NeXYNb2RDYSbf7RNvQ6nQTgLYvD9cs8Xw5kXAJzhA/6PVULgMj66OsC63 3SMeVzQuu3Ui0Ki0nF+RslKNDL/gffurPSzJ9Pwn4uCiAFiXObjkriYE5M02bJOw Ax7pVUq7ueQ= =Mj7Z -----END PGP SIGNATURE----- -- Greg Broiles greg@goldenbear.com Golden Bear Computer Consulting +1 503 465 0325 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764
participants (1)
-
gregļ¼ ideath.goldenbear.com