If You Want to Protect A Security Secret, Make Sure It's Public
Riad S. Wahby
rsw at jfet.org
Tue Mar 16 08:42:25 PST 2004
John Young <jya at pipeline.com> wrote:
> Despite the long-lived argument that public review of crypto assures
> its reliability, no national infosec agency -- in any country worldwide --
> follows that practice for the most secure systems. NSA's support for
> AES notwithstanding, the agency does not disclose its military and
> high level systems.
Nevertheless, given that the public has two options (disclosure or
non-), it seems public review is as good as it gets.
You're right, of course---don't put 100% trust in anything---but I
think it's still reasonable to trust a publicly reviewed system more
than a closed one.
--
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng
More information about the cypherpunks-legacy
mailing list