[Discuss] Good and Bad Crypto

[Richard Pieri]

Tom Metro wrote:
> Anyone who read this thread will recall that my comments were in the
> context of a certain class of errors.

Here's what you wrote:

> That's a simplistic understanding of how crypto algorithms work. An
> algorithm might consist of multiple layered state machines, and
> triggering a flaw might require hitting upon a state that your
> randomized black-box testing might find only once in a thousand years.

> Source code analysis has the potential to find these, if the code is
> analyzed. Back-box testing will find them only if you are very lucky.

The knife cuts both ways, Tom. If white hats can use tools like these to 
find flaws in code then black hats can use the same tools to find the 
same flaws. Closed source crypto becomes more beneficial to the world 
than open source crypto because it denies black hats the ability to use 
to these tools against it and leaves them with your once in a thousand 
years chance of accidentally finding a flaw.

Laughable, like I said.

-- 
Rich P.