[Cryptography] quantum computers & crypto

cherry cherry at cpal.pw
Sun Oct 31 02:10:04 EDT 2021


On 10/30/21 3:03 PM, Ray Dillinger wrote:
> Certs with keys for multiple algorithms allowing
> quick,easy,transparent upgrades if an algorithm is decertified.

Lets not.

So many things are broken or backdoored, and multiple algorithms means 
more places for things to be accidentally or maliciously broken.

Why is everything created by a committee, and approved by a committee, 
broken, stays broken, and is never decertified?

As everyone on this list probably knows, wifi passwords are subject to 
offline dictionary attack.  Your router leaks the hash of the password 
to passive sniffers, and recent "upgrades" to the protocol send out 
these hashes far more often, continually broadcasting them, instead of 
only during logon. Why are they still subject to offline dictionary 
attack after all these years?

The process is broken, and getting more broken.  Perhaps enemy action. 
Could someone who has been interacting with these committees give us 
some war stories?

 From time to time I complain about crypto that just does not provide 
security, and get the run around.

"That is off topic for this mailing list.  File a bug report."

So I file a bug report.  "Not a bug, that problem is out of scope.  File 
a bug report with the person misusing this software"

So I ...




More information about the cryptography mailing list