[Cryptography] Other obvious issues being ignored?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Oct 19 23:00:01 EDT 2015
Thierry Moreau <thierry.moreau at connotech.com> writes:
>It's a shame that this old issue has been ignored until now!
>
>What other "obvious" questions are we ignoring?
Lots and lots and lots, and specifically questions so obvious that they
shouldn't even need to be asked. Things like "will your implementation accept
RSA keys with exponent 1" (many did, until bad publicity forced a fix), "will
it accept keys known to be insecure twenty years ago?" (ditto), "will it
accept obviously non-prime primes for public keys?" (ditto), and so on and so
on. To quote Bruce, many crypto-using applications are "as insecure as you
can possibly get away with", because they use crypto and are therefore secure
by executive fiat rather than actual practice.
You can't even come up with a checklist for this, because you'd have to ask so
many questions, and of such boneheaded obviousness, that you couldn't get
anyone to come up with them all. In the meantime, people are so busy debating
whether they can use the Ed209 curve with the Blake7 hash function or not that
they're missing the fact that the app they want to use it with will happily
accept the number 15 as a DH prime (yes, there are browsers that did that).
Peter.
More information about the cryptography
mailing list