"Scott Guthery" <sguthery@mobile-mind.com> writes:

...

When I drill down on the many pontifications made by computer security and cryptography experts all I find is given wisdom. Maybe the reason that folks roll their own is because as far as they can see that's what everyone does. Roll your own then whip out your dick and start swinging around just like the experts.

Perhaps I'm not looking in the right places. I wade through papers from the various academic cryptography groups, I hit the bibliographies regularly, I watch the newgroups, and I follow the patent literature. After you blow the smoke away, there's always an "assume a can opener" assumption. The only thing that really differentiates the experts from the naifs is the amount of smoke.

This kind of thinking is similar to the difference between and engineer's persepective and that of a mathematician or "pure" scientist. Basically, it might not be bad to consider all crypto systems 'insecure' to some extent. However, for well-designed cryptosystems the cost of breaking can be made to scale with the level of security needed. -TD _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus