Maybe It's Snake Oil All the Way Down

[Scott Guthery]

Suppose.  Just suppose.  That you figured out a factoring
algorithm that was polynomial.  What would you do?  Would
you post it immediately to cypherpunks?    Well, OK, maybe
you would but not everyone would.  In fact some might
even imagine they could turn a sou or two.  And you can
bet the buyer wouldn't be doing any posting. With apologies
to Bon Ami, "Hasn't cracked yet" is not a compelling security 
story.
 
Cheers, Scott

	-----Original Message----- 
	From: Rich Salz [mailto:rsalz at datapower.com] 
	Sent: Sun 6/1/2003 6:16 PM 
	To: Eric Rescorla 
	Cc: Scott Guthery; cypherpunks; cryptography at metzdowd.com 
	Subject: Re: Maybe It's Snake Oil All the Way Down
	
	

	> There are a number of standard building blocks (3DES, AES, RSA, HMAC,
	> SSL, S/MIME, etc.). While none of these building blocks are known
	> to be secure ..
	
	So for the well-meaning naif, a literature search should result in "no
	news is good news."  Put more plainly, if you looked up hash and didn't
	find news of a SHA break, then you should know to use SHA.  That assumes
	you've heard of SHA in the first place.
	
	Perhaps a few "best practices" papers are in order.  They might help
	the secure (distributed) computing field a great deal.
	        /r$
	--
	Rich Salz                     Chief Security Architect
	DataPower Technology          http://www.datapower.com
	XS40 XML Security Gateway     http://www.datapower.com/products/xs40.html