It's a Presidential Mandate, Feds use it. How come you are not using FDE?
Allen
netsecurity at sound-by-design.com
Thu Jan 18 17:11:06 EST 2007
Saqib Ali wrote:
> Since when did AES-128 become "snake-oil crypto"? How come I missed
> that? Compusec uses AES-128 . And as far as I know AES is NOT
> "snake-oil crypto"
Saqib,
I believe you are correct as to the algorithm, but the snake-oil
is in the implementation,
As I have often said, "A misplaced comma in an English sentence
will merely get you a bad reputation as a writer, however, a
misplaced comma in a nuclear weapons project may leave an
enduring mark on the world."
Algorithms can be perfect and implementation sloppy. If you can
review the code you might find the problem, but with proprietary
code, fergetit.
>
> Closed-source doesn't mean that it is "snake-oil". If that was the
> case, the Microsoft's EFS, and Kerberos implementation would be "snake
> oil" too.
As I recall there have been a few problems with Kerberos in the past.
Best,
Allen
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list