Nullsoft's WASTE communication system
Joseph Ashwood
ashwood at msn.com
Fri May 30 16:08:01 EDT 2003
----- Original Message -----
From: "R. A. Hettinga" <rah at shipwright.com>
Subject: CDR: Re: Nullsoft's WASTE communication system
> It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
> wonder how *that* happened...
It should've been pulled for several reasons. The primary one being that it
is basically worthless securitywise. It uses RSA PKCS#1 v1.5 (the one
everyone seems to pick on, and always seems to find a way to be insecure),
Blowfish which supplied a maximum of 150-some gigabytes before insecurity
(birthday paradox), used PCBC which only serves one function and that's
having the longest name. MD5 which should be retired. In short
cryptographically it simply wasn't any good. Now if it was pulled bacause
AOL decided to pull it, I don't have a problem with that.
Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list