[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
John Kelsey
crypto.jmk at gmail.com
Sat Oct 5 21:29:05 EDT 2013
One thing that seems clear to me: When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms. Really, you are talking more about the ability to *remove* algorithms. We still have stuff using MD5 and RC4 (and we'll probably have stuff using dual ec drbg years from now) because while our standards have lots of options and it's usually easy to add new ones, it's very hard to take any away.
--John
More information about the cryptography
mailing list