Saqib Ali wrote:
Since when did AES-128 become "snake-oil crypto"? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
"snake-oil crypto"

Saqib,

I believe you are correct as to the algorithm, but the snake-oil is in the implementation,

As I have often said, "A misplaced comma in an English sentence will merely get you a bad reputation as a writer, however, a misplaced comma in a nuclear weapons project may leave an enduring mark on the world."

Algorithms can be perfect and implementation sloppy. If you can review the code you might find the problem, but with proprietary code, fergetit.

Closed-source doesn't mean that it is "snake-oil". If that was the
case, the Microsoft's EFS, and Kerberos implementation would be "snake
oil" too.

As I recall there have been a few problems with Kerberos in the past.

Best,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to