On Wed, Jan 26, 2011 at 02:46:30AM +1300, Peter Gutmann wrote:
> this. The other problem is that their long-term goal is to create something
> certifiable, which means you need repeatability and determinism... for a
> process that's supposed to be inherently nondeterministic. A better approach
> would be an RFC 4086-style one, "here are some sound engineering principles,
> use whatever's appropriate for your situation".

The problem with this approach is the people doing the certifying do not actually understand cryptography or security engineering in any meaningful way, so have no real ability to make such judgements.

-Jack
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
