[Cryptography] quantum computers & crypto
cherry
cherry at cpal.pw
Sun Oct 31 02:10:04 EDT 2021
On 10/30/21 3:03 PM, Ray Dillinger wrote:
> Certs with keys for multiple algorithms allowing
> quick, easy, transparent upgrades if an algorithm is decertified.

Let's not.

So many things are broken or backdoored, and multiple algorithms means
more places for things to be accidentally or maliciously broken.

Why is everything created by a committee, and approved by a committee,
broken, stays broken, and is never decertified?

As everyone on this list probably knows, wifi passwords are subject to
offline dictionary attack. Your router leaks the hash of the password
to passive sniffers, and recent "upgrades" to the protocol send out
these hashes far more often, continually broadcasting them, instead of
only during logon. Why are they still subject to offline dictionary
attack after all these years?

The process is broken, and getting more broken. Perhaps enemy action.

Could someone who has been interacting with these committees give us
some war stories?

From time to time I complain about crypto that just does not provide
security, and get the runaround.

"That is off topic for this mailing list. File a bug report."

So I file a bug report. "Not a bug, that problem is out of scope. File
a bug report with the person misusing this software."

So I ...