Practice Cryptography!
Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.Thursday, July 27, 2006
I got beat down on the IETF TLS mailing list for suggesting that perhaps we should be looking to cryptosystems other than RSA and DH. I've been becoming increasingly concerned about advances in GNFS factoring, and I am still thinking that various forces are going to collide to make either or both of them untenable.
As well, at the moment, MD5 and SHA-1 have non-theoretical attacks against them. The way they're used in many protocols suggests that those protocols are still secure... but that doesn't change the fact that the "peer-reviewed" algorithms have been generating a lot more peer review than is really comfortable.
Even though peer review is, honestly, the best option we have.
As well, at the moment, MD5 and SHA-1 have non-theoretical attacks against them. The way they're used in many protocols suggests that those protocols are still secure... but that doesn't change the fact that the "peer-reviewed" algorithms have been generating a lot more peer review than is really comfortable.
Even though peer review is, honestly, the best option we have.
Archives
2006-02-12 2006-02-19 2006-02-26 2006-03-05 2006-03-12 2006-03-19 2006-03-26 2006-04-02 2006-04-09 2006-04-16 2006-04-23 2006-07-23 2008-01-13 2008-01-20 2008-02-03 2008-02-17 2008-03-16 2008-04-06 2008-05-11
