Well said. In perhaps-related ethics news:
RSA Conference is a separate entity from RSA, and (I believe) not a subsidiary
or profit center for either RSA or EMC. At this point, they're just unlucky
enough to have hitched their branding to the most recognized name in the
industry.
If it's

On Oct 2, 2013, at 6:23 PM, Jon Callas j...@callas.org wrote:
[snipped quoted text]
I'm not implying at all that AES or SHA-2 are broken. If P-384 is broken, I
believe the root cause is more that it's old than it was backdoored.
But it doesn't matter what I think. This is a trust issue.
Aside from the curve change (and even there), this strikes me as a marketing
message rather than an important technical choice. The message is we react to
a deeper class of threat than our users understand.
Fair enough, but I'd hardly stop using AES or the larger SHA-2 variants on the
back of

New to the list, so I'm sorry if I missed it, but what was the evidence
presented that RSA took a $10M payoff to make Dual EC DRBG the default in
Crypto-C?
Thanks,
-Jared
On Sep 22, 2013, at 9:01 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
ianG i...@iang.org writes:
One mystery