At 02:00 AM 8/25/00 -0400, Anonymous wrote: >While many crypto experts intensely bullshit about the importance >of the source code to counter "security through obscurity", it appears >than none really looked at the sources closely. A lot of metallurgists inspected a lot of beams and bolts but the overall architecture was not reviewed for weaknesses when new features were added? Anything to learn? 1. They were right about the dangers of key escrow 2. Adding features to security products can be dangerous 3. Security reviews are really really hard and have to be repeated when new features are added. Marketing: Building insecure systems from secure components.. -Feinkost Paranoia
