[Cryptography] open questions in secure protocol design?

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>But what if the current algorithm fails suddenly? 

Oh not this old saw again.  How many times has this happened with any
properly-designed algorithm (DES, RC2, RC4, IDEA, RC5, AES, MD5, SHA-1,
RIPEMD, SHA-2, RSA, DH, DSA, Elgamal, ECDSA, and so on)?

Actually, it's never happened.  Ever.

OTOH any mechanism deployed to deal with this is going to be something that
can't easily be tested beforehand but that has to work perfectly, and
perfectly securely, the first time it's used.  Sort of like SDI, but not as
simple and straightforward.

Peter.