Maybe It's Snake Oil All the Way Down
Scott Guthery
sguthery at mobile-mind.com
Sun Jun 1 16:05:44 PDT 2003
Suppose. Just suppose. That you figured out a factoring
algorithm that was polynomial. What would you do? Would
you post it immediately to cypherpunks? Well, OK, maybe
you would but not everyone would. In fact some might
even imagine they could turn a sou or two. And you can
bet the buyer wouldn't be doing any posting. With apologies
to Bon Ami, "Hasn't cracked yet" is not a compelling security
story.
Cheers, Scott
-----Original Message-----
From: Rich Salz [mailto:rsalz at datapower.com]
Sent: Sun 6/1/2003 6:16 PM
To: Eric Rescorla
Cc: Scott Guthery; cypherpunks; cryptography at metzdowd.com
Subject: Re: Maybe It's Snake Oil All the Way Down
> There are a number of standard building blocks (3DES, AES, RSA, HMAC,
> SSL, S/MIME, etc.). While none of these building blocks are known
> to be secure ..
So for the well-meaning naif, a literature search should result in "no
news is good news." Put more plainly, if you looked up hash and didn't
find news of a SHA break, then you should know to use SHA. That assumes
you've heard of SHA in the first place.
Perhaps a few "best practices" papers are in order. They might help
the secure (distributed) computing field a great deal.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
More information about the cypherpunks-legacy
mailing list