On Fri, 16 Aug 2002, Adam Back wrote:

> failure to realise this issue or perhaps just not caring, or lack of
> financial incentives to care on the part of software developers.
> Microsoft is really good at this one.  The number of times they
> re-used RC4 keys in different protocols is amazing!

Don't forget schedule pressure, the overhead of bringing in a contractor
to do crypto protocol design, and the not-invented-here syndrome. I think
all of these contribute to keeping protocol design in-house, regardless of
the technical skill of the parties involved. It takes a serious investment
in time to qualify a consultant. If having the protocol right isn't a top
priority, that investment won't be made...and I'd guess that designing a
new protocol isn't common enough to merit a separate job/new hire in most


Reply via email to