[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Jerry Leichter leichter at lrw.com
Fri Mar 14 06:53:41 EDT 2014

On Mar 14, 2014, at 12:58 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> (A lesser problem is that the devices are mostly built by hardware guys for whom software development consists of "it compiles, ship it".  Obviously that's an over-generalisation, but I don't know how much embedded stuff I've looked at that has beautifully-engineered hardware and software that looks like someone's incomplete undergrad project.
My favorite recent (last Sunday) example:  My built-in GPS reported that a trip would take half an hour, and that I would arrive at 10:30.  Meanwhile, my clock reported that it was 9:00.  The GPS had automatically adjusted for DST, but the clock - that had to be set manually.  (In general, the GPS has a knowledge of the time way beyond human resolution, but when the clock drifts, it's my job to resync it.  Typical lack of any reasonable level of systems thinking in embedded systems.)

Many years ago, I taught an operating systems course that was required of all "computer engineering" students.  (The school had both CS and CE programs because way back when, both the school of arts and sciences and the engineering school decided they needed to teach computing.)  CE students learned their C in a digital signal processing course.  Ugh.  I made it a secondary goal of my OS course to teach some good C coding practices - focusing on something other than "make it absolutely as fast as possible".

> That's an issue that you can try and legislate though, with the emphasis on "try").
Liability is hardly the panacea it's been held out to be - as witnessed by GM's current problems with allegedly defective ignition locks that for a decade have, now and then, completely shut down all systems, sometimes at highway speeds.  These are simple mechanical systems that haven't changed much in a century, and assuming there is a design issue, liability is completely clear.
                                                        -- Jerry

More information about the cryptography mailing list