[Discuss] Good and Bad Crypto

[peabo at peabo.com (Peter (peabo) Olson)]

On April 24, 2014 at 10:34 AM Richard Pieri <richard.pieri at gmail.com> wrote:
> Mike Small wrote:
> > heartbeat requirement at all for the TCP case, but it's always a bug to
> > take external untrusted data at its word in this way.
>
> I maintain that this isn't a bug; it's willful stupidity.

The reason a bug happens is not relevant when the bug causes damage.

> > Perhaps. There may be an economic argument why Open Source, or some
> > parts of it, isn't getting enough attention from enough of the right
> > people. I don't know. I only have trouble with the idea that having
>
> Most of the right people when it comes to crypto are identified by
> security agencies very quickly, and then either recruited or constrained
> before they pose any threat -- which is to say, before they can
> contribute substantially to either open source or proprietary ventures.
> Of those who remain, the ones who aren't good enough for the NSA and
> similar agencies, most either end up working for big companies like
> Microsoft and Google, because these are the only ones that can afford
> their salaries, or start their own security-related companies.

Phil Zimmerman, who was hounded for years legally and eventually prevailed.

peabo