More info in my AES128-CBC question

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Fri Apr 20 12:27:17 EDT 2007


Aram Perez wrote:
> The proposal for using AES128-CBC with a fixed IV of all zeros is for
> a protocol between two entities that will be exchanging messages.
> This is being done in a "standards" body (OMA) and many of the
> attendees have very little security experience. 

We don't let a bunch of random people design airbags. How on earth is it
a good idea to let a random bunch of people design crypto protocols? Is
this the same bunch of people that will be shocked, just SHOCKED when
someone demonstrates that their design is idiotic and doesn't protect
anyone or anything?

No, really, that people with "very little security experience" feel
comfortable doing this kind of work just boggles my mind. Please
congratulate everyone involved, and remind them to always use their PPTP
VPN over their WEP-protected wireless.

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List