[Cryptography] Toxic Combination

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Dec 9 17:05:50 EST 2014

Ben Laurie <benl at google.com> writes:

>In any case, your position appears to be "you should implement this even
>though I cannot point to a single example of how". Not tenable.

Ian has already responded to this:

  As you yourself show below, asking for references is a setup for a

However, let's give this a go.  I've collected them all in one place for
convenience, see:


I count (well, Word counts) just under five hundred references for the
"Passwords" chapter.  Is that enough?

Now you have to come back and say that that's way too many, and you want just
one.  So I go through them and find some representative paper and forward it
to you.  You glance through it and find some reason why it won't work ("it
suggests using a 24-pixel menu bar but we only have 23 pixels available",
something like that).  So I go through and find another paper.  You come back
to me with some reason why it won't work.  We continue this dance until I get
tired of it and find something better to occupy my time.

As Ian has said, this is a setup for a knockdown.  It's like a religious
fundamenatalist asking "Send me a reference proving to me that God doesn't
exist", the outcome is a foregone conclusion, so the only winning move is not
to play.

In any case you have just under 500 references there, so you can't claim
"cannot point to a single example" any more.

(Incidentally, how many references did you require for certificates being 
effective in protecting browsers from phishing?).


More information about the cryptography mailing list