Cryptography and the Open Source Security Debate

John Kelsey kelsey.j at
Tue Aug 10 08:16:32 EDT 2004

> From: lrk <crypto at>
> Sent: Aug 6, 2004 1:04 PM
> To: "R. A. Hettinga" <rah at>
> Cc: cryptography at
> Subject: Re: Cryptography and the Open Source Security Debate

> More dangerous is a key generator which deliberately produces keys which
> are easy to factor by someone knowing a secret. These should be found
> in open source but I suggest many reviewers could miss this and again the
> "group think" would probably cause most not to even look.

So, how many people on this list have actually looked at the PGP key generation code in any depth?  Open source makes it possible for people to look for security holes, but it sure doesn't guarantee that anyone will do so, especially anyone who's at all good at it.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list