On 1/18/07, Saqib Ali <[EMAIL PROTECTED]> wrote:
Since when did AES-128 become "snake-oil crypto"? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
"snake-oil crypto"

He didn't say that AES is snake oil. He says he wants assurance that
the tool operates correctly. Using AES to generate an XOR key is still
using AES, but it's using it poorly.

Closed-source doesn't mean that it is "snake-oil". If that was the
case, the Microsoft's EFS, and Kerberos implementation would be "snake
oil" too.

He didn't say that closed source is snake oil. He says he wants
assurance that the tool operates correctly. The kind of assurance you
get from having a completely open design and implementation.

This is right up there with Seagate's encrypting disk which Dave Korn
(rightfully) expressed dismay over...

"And the reason is that software vendors, particularity software
vendors in the security world need to have some place to hide their
secrets. And we provide the perfect place to hide secrets, because we
can cryptographically handle things in a way that makes very difficult
to snoop or sniff the secrets. We have hidden operation in the drive
as well as hidden storage place that normally can't be accessed via
ATA commands. So in a way we have a bit of a black box, in terms of a
security device, that no one knows what is going on in there, and it
is a perfect place to hide stuff."

That's just wrong on so many levels. I want to know exactly how my
data is being transformed and stored. I want to be absolutely sure
that the on-disk representation of my data is critically dependent on
my key, and not on some vendor-derived key based on my disk serial
number. I want to know for sure that reading sector -42 won't hand you
back my key. I want to know that my encryption software isn't somehow
leaking my key. etc.

Hand me a crypto tool so well designed, so carefully audited and so
rigourously proven that it's approved for storing the government
secrets until the end of time... I'll still say "that's nice, where's
my copy of the source code".


GDB has a 'break' feature; why doesn't it have 'fix' too?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to