picking a hash function to be encrypted
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Sun May 14 21:49:12 EDT 2006
On Sun, May 14, 2006 at 07:56:17PM -0500, Travis H. wrote:
> On 5/14/06, Victor Duchovni <Victor.Duchovni at morganstanley.com> wrote:
> >Security is fragile. Deviating from well understood primitives may be
> >good research, but is not good engineering. Especially fragile are:
>
> Point taken. This is not for a production system, it's a research thing.
>
> >TLS (available via OpenSSL) provides integrity and authentication, any
> >reason to re-invent the wheel? It took multiple iterations of design
> >improvements to get TLS right, even though it was designed by experts.
>
> IIUC, protocol design _should_ be easy
Once upon a time, everyone agreed that cipher design was hard. Later
people discovered that protocol design is hard too. More recently
people are discovering that given solid ciphers and protocols, secure
implementations are still hard... I could be wrong, but it does not
seem that the trend is towards "increasingly easy" security, in the
sense that anyone who learns a programming language reasonably well can
develop security toolkits. :-(
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list