managing and protecting nyms...
Eugen Leitl
eugen at leitl.org
Mon Nov 9 14:40:27 PST 2009
On Mon, Nov 09, 2009 at 06:58:51PM +0000, John Case wrote:
> All well and good, but who among us is running a straight "a.out"
> compilation of _only_ DES (or AES or whatever) such that our threat model
> is simply the validity of the pure algorithm ?
>
> I sure am not. Whether it be SSH or SSL or duplicity or Tor, we're all
> using cryptosystems that most certainly receive far too much credit simply
> by virtue of being "open source".
>
> Open source is only useful if _you_ open it - and maybe not even then.
> Young's point is, what do you know about who is writing or reading or
> proofing it ?
>
> Open source should indeed be a requirement - nobody here would argue
> against it. But it's never an assurance - especially not with a big
> project like OpenSSH and so on ...
When figuring out things, you'll typically take the path of least
resistance. So you typically don't have to deal with breaking the
cryptosystem.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE