"Scott Guthery" <[EMAIL PROTECTED]> writes:
> When I drill down on the many pontifications made by computer
> security and cryptography experts all I find is given wisdom. Maybe 
> the reason that folks roll their own is because as far as they can see 
> that's what everyone does.  Roll your own then whip out your dick and 
> start swinging around just like the experts.
>  
> Perhaps I'm not looking in the right places. I wade through papers from 
> the various academic cryptography groups, I hit the bibliographies 
> regularly, I watch the newsgroups, and I follow the patent literature.  After 
> you blow the smoke away, there's always an "assume a can opener" 
> assumption. The only thing that really differentiates the experts from the 
> naifs is the amount of smoke.

Hmm.... I'd characterize the situation a little differently.

There are a number of standard building blocks (3DES, AES, RSA, HMAC,
SSL, S/MIME, etc.). While none of these building blocks are known
to be secure, we know that:

(1) They have withstood a lot of concerted attempts to attack them.
(2) Prior attempts at building such systems revealed a lot of problems
    which these building blocks are designed to avoid.
(3) People who attempt to design new systems generally make some
    of the mistakes from (2) and so generally design a system inferior
    to the standard ones.

We're slowly proving the correctness of these building blocks and
replacing the weaker ones with others that rely upon tighter
proofs (e.g. OAEP for PKCS-1) but it's a long process. However, I don't
think it's helpful to design a new system that doesn't have any 
obvious advantages over one of the standard systems.

-Ekr


-- 
[Eric Rescorla                                   [EMAIL PROTECTED]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List