Cryptography and the Open Source Security Debate

John Kelsey kelsey.j at ix.netcom.com
Tue Aug 10 08:16:32 EDT 2004


> From: lrk <crypto at ovillatx.sytes.net>
> Sent: Aug 6, 2004 1:04 PM
> To: "R. A. Hettinga" <rah at shipwright.com>
> Cc: cryptography at metzdowd.com
> Subject: Re: Cryptography and the Open Source Security Debate

...
> More dangerous is a key generator which deliberately produces keys which
> are easy to factor by someone knowing a secret. These should be found
> in open source but I suggest many reviewers could miss this and again the
> "group think" would probably cause most not to even look.

So, how many people on this list have actually looked at the PGP key generation code in any depth?  Open source makes it possible for people to look for security holes, but it sure doesn't guarantee that anyone will do so, especially anyone who's at all good at it.

--John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


