Suppose.  Just suppose.  That you figured out a factoring
algorithm that was polynomial.  What would you do?  Would
you post it immediately to cypherpunks?    Well, OK, maybe
you would but not everyone would.  In fact some might
even imagine they could turn a sou or two.  And you can
bet the buyer wouldn't be doing any posting. With apologies
to Bon Ami, "Hasn't cracked yet" is not a compelling security 
story.
 
Cheers, Scott

        -----Original Message----- 
        From: Rich Salz [mailto:[EMAIL PROTECTED] 
        Sent: Sun 6/1/2003 6:16 PM 
        To: Eric Rescorla 
        Cc: Scott Guthery; cypherpunks; [EMAIL PROTECTED] 
        Subject: Re: Maybe It's Snake Oil All the Way Down
        
        

        > There are a number of standard building blocks (3DES, AES, RSA, HMAC,
        > SSL, S/MIME, etc.). While none of these building blocks are known
        > to be secure ..
        
        So for the well-meaning naif, a literature search should result in "no
        news is good news."  Put more plainly, if you looked up hash and didn't
        find news of a SHA break, then you should know to use SHA.  That assumes
        you've heard of SHA in the first place.
        
        Perhaps a few "best practices" papers are in order.  They might help
        the secure (distributed) computing field a great deal.
                /r$
        --
        Rich Salz                     Chief Security Architect
        DataPower Technology          http://www.datapower.com
        XS40 XML Security Gateway     http://www.datapower.com/products/xs40.html

Reply via email to