[Discuss] Good and Bad Crypto

[blu at nedharvey.com (Edward Ned Harvey (blu))]

> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Derek Martin
> 
> Anything involving security or encryption is rarely simply anything.

Point?


> Hogwash.  The difference is interested, qualified parties can't
> inspect the implementation to see if, say, using a particular key
> won't make the implementation upload logs of all your transactions to
> a black hat site, or download kiddie porn to your hardrive, etc..
> If you can't inspect it, you can't trust it.  Period.

In invite you to join us in the real world.


> > Nobody rolls his own crypto algorithm.  And I mean nobody.
> >
> > Everybody, and I mean everybody, uses a standard library implementation
> of an open standard.
> 
> This is also utter nonsense.

Nice link to 1996.  Ever since strong crypto became freely available and widely publicized, scrutinized, and packaged up into convenient libraries, the only people who write new experimental block ciphers are those people who are competing to become the next AES, SHA, etc.

In practice, all modern cryptography is using standard libraries, and if you're insane enough to deviate from the path, you deserve what you get.  Nobody does it.