[Cryptography] RSA is dead.

ianG iang at iang.org
Mon Dec 23 02:30:17 EST 2013


On 22/12/13 15:53 PM, Ralf Senderek wrote:
> On Sun, 22 Dec 2013, iang wrote:
>
>> What was RSA's job?  Their job was to serve their customers with secure
>> crypto.  They didn't, instead, they allowed an interested party to get
>> between them and the customers, which was an abrogation of their
>> self-claimed standard:
>>
>>   "Unlike alternatives such as open source, our technology is backed by
>> highly regarded cryptographic experts."
>
> Isn't the most obvious conclusion that no crypto tool can be secure if it
> is not open source? Even if there is no guarantee that the code is
> actually being scrutinized, the alternative - trusting the experts - is
> not really an alternative, if you cannot check what's going on.


I don't think so, but I agree it would be nice if it was so.  If you 
look at all the failures in cryptosystems, there might be a bias one way 
or the other but it isn't a slam dunk.

Open Source as a guarantee of security is really just the marketing of 
the open source folk.  It certainly helps but collecting those smart 
eyeballs isn't as easy as saying it.

iang

