[Cryptography] RSA is dead.

Miles Fidelman mfidelman at meetinghouse.net
Sun Dec 22 19:30:16 EST 2013


Jerry Leichter wrote:
> On Dec 22, 2013, at 4:59 PM, Bill Cox <waywardgeek at gmail.com> wrote:
>> Nonsense.  Most other equally capable developers should be able to discover a backdoor with far less effort to hide it.  Reading other people's code is a skill that some people never acquire, but it's generally easier to understand someone else's code entirely than to have created it from scratch.
>>
>> If the code is so obscure that this is not the case, that code should not be used in crypto.  I'll just point out that gtksu falls exactly into this category, yet we continue to use it... it really deserves to be retired.  Open source is *very* helpful, but if the people with the decision power over what to include are far more ignorant than the coders... well then just forget security.
> Have a look at some of the entries in the Obfuscated V contest (to write innocent-looking code that actually cheated one of the candidates).  My favorite is http://graphics.stanford.edu/~danielrh/vote/mzalewski.c - just one of many.
>
> Come back and tell me how "capable developers" will easily find malicious code hidden in simple, clean-looking C code.
>                                                          -- Jerry
>
In the government stuff, it's the crypto algorithms that are classified, 
and typically embedded in silicon.  Holes in code are one thing, but 
looking for backdoors on chips is a lot harder; and looking for 
backdoors in the math is even harder.

Miles Fidelman



-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra


