[Cryptography] I broke a cipher this week.

Ray Dillinger bear at sonic.net
Mon May 25 23:24:07 EDT 2015



On 05/23/2015 03:29 AM, ianG wrote:
> On 23/05/2015 00:41 am, Ray Dillinger wrote:

>> In fact I'm surprised they allowed anyone outside
>> the company to examine their cipher before
>> deploying it.  But glad they did.

> Yes, brave.  If the press gets hold of it, they will write the wrong story.

That they hired a consultant and improved their cryptographic
security before launch based on the consultant's input?

That's not a bad story, IMO, it's a good one.  It's a
practice that more companies ought to do, for all kinds
of reasons.  Proprietary cipher algorithms aside, almost
everybody tries to implement proprietary protocols and
lots of them - even the ones that know proprietary ciphers
are mostly crap - get protocols wrong.   Hiring a
consultant to review cryptographic code before launch
should absolutely be standard practice IMO when preparing
to launch something important.

But you're right that it's probably not the story the press
would write if they hear the words "broken cipher".  Hence,
the very specific nondisclosure agreement. Which is fair.

				Bear
