Maybe It's Snake Oil All the Way Down

Adam Shostack adam at homeport.org
Sun Jun 1 19:54:45 EDT 2003


The assumption that "having cracked a cipher" leads to "can make lots
of money from the break" is one held mostly by those who have never
attacked real systems, which have evolved with lots of checks and
balances.

The very best way to make money from cracking ciphers seems to be to
patent the break, and the fixes, and then consult to those who use the
cipher, because they need your expertise to fix their systems.  P. may
have a patent on this method.

Adam


On Sun, Jun 01, 2003 at 07:05:44PM -0400, Scott Guthery wrote:
| Suppose.  Just suppose.  That you figured out a factoring
| algorithm that was polynomial.  What would you do?  Would
| you post it immediately to cypherpunks?    Well, OK, maybe
| you would but not everyone would.  In fact some might
| even imagine they could turn a sou or two.  And you can
| bet the buyer wouldn't be doing any posting. With apologies
| to Bon Ami, "Hasn't cracked yet" is not a compelling security 
| story.
|  
| Cheers, Scott
| 
| 	-----Original Message----- 
| 	From: Rich Salz [mailto:rsalz at datapower.com] 
| 	Sent: Sun 6/1/2003 6:16 PM 
| 	To: Eric Rescorla 
| 	Cc: Scott Guthery; cypherpunks; cryptography at metzdowd.com 
| 	Subject: Re: Maybe It's Snake Oil All the Way Down
| 	
| 	
| 
| 	> There are a number of standard building blocks (3DES, AES, RSA, HMAC,
| 	> SSL, S/MIME, etc.). While none of these building blocks are known
| 	> to be secure ..
| 	
| 	So for the well-meaning naif, a literature search should result in "no
| 	news is good news."  Put more plainly, if you looked up hash and didn't
| 	find news of a SHA break, then you should know to use SHA.  That assumes
| 	you've heard of SHA in the first place.
| 	
| 	Perhaps a few "best practices" papers are in order.  They might help
| 	the secure (distributed) computing field a great deal.
| 	        /r$
| 	--
| 	Rich Salz                     Chief Security Architect
| 	DataPower Technology          http://www.datapower.com
| 	XS40 XML Security Gateway     http://www.datapower.com/products/xs40.html

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


