Suppose. Just suppose. That you figured out a factoring algorithm that was polynomial. What would you do? Would you post it immediately to cypherpunks? Well, OK, maybe you would but not everyone would. In fact some might even imagine they could turn a sou or two. And you can bet the buyer wouldn't be doing any posting. With apologies to Bon Ami, "Hasn't cracked yet" is not a compelling security story. Cheers, Scott -----Original Message----- From: Rich Salz [mailto:rsalz@datapower.com] Sent: Sun 6/1/2003 6:16 PM To: Eric Rescorla Cc: Scott Guthery; cypherpunks; cryptography@metzdowd.com Subject: Re: Maybe It's Snake Oil All the Way Down > There are a number of standard building blocks (3DES, AES, RSA, HMAC, > SSL, S/MIME, etc.). While none of these building blocks are known > to be secure .. So for the well-meaning naif, a literature search should result in "no news is good news." Put more plainly, if you looked up hash and didn't find news of a SHA break, then you should know to use SHA. That assumes you've heard of SHA in the first place. Perhaps a few "best practices" papers are in order. They might help the secure (distributed) computing field a great deal. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html