[Cryptography] Other obvious issues being ignored?

Ralf Senderek crypto at senderek.ie
Tue Oct 20 08:09:11 EDT 2015


Peter Gutmann writes:

> You can't even come up with a checklist for this, because you'd have to ask so
> many questions, and of such boneheaded obviousness, that you couldn't get
> anyone to come up with them all.  In the meantime, people are so busy debating
> whether they can use the Ed209 curve with the Blake7 hash function or not that
> they're missing the fact that the app they want to use it with will happily
> accept the number 15 as a DH prime (yes, there are browsers that did that).

Yes, but that implies that we need to debate implementation ideas or even
details and that we have to look closely at *systems*, not only concepts hanging
in thin air. It's like a shift of paradigm that has to take place if we
want to talk about security in a meaningful way.

The most important obvious question being ignored - as I see it - is how do we
make all that checking and debate actually happen in a way that things get better.
Neither hoping for the best nor expecting the worst will suffice. We need to
fight ignorance.

       --ralf

