"Michael K. Edwards" <[EMAIL PROTECTED]> writes:
[snip]
> If you're going to accept programs for inclusion in main that are
> written and maintained by people with an agenda -- which includes but
> is not limited to corporate backers who profit from the sale of tied
> products and services -- you have to recognize that not everything
> about their design goals and inner workings is fully disclosed. The
> classic example is DES; the S-boxes were designed to be resistant to
> differential cryptanalysis, which was unknown in the public literature
> at the time (see
> http://en.wikipedia.org/wiki/Differential_cryptanalysis ). Commercial
> users just had to take the NSA's (i.e., MITRE's) word for it that
> S-box tweaking was motivated by a desire to strengthen DES rather than
> to Trojan it.

I think you mean:

The story that is circulated now about the tweaking of the S-box is that it was to make DES more resistant to differential cryptanalysis, which was unknown at the time.

Once you allow systems to exist with poor disclosure of the construction process of their internals, you have opened up a back door wide enough to drive a thousand exploits through.

If you are aware that the providers of the system have an agenda, then it actually makes sense to work *harder* on the "full disclosure of all components necessary to reconstruct" angle than you would otherwise.

(Yes, I *am* in the business of producing stuff that you can only reproduce part of from the design data.)

cheers, Rich.

--
rich walker | Shadow Robot Company | [EMAIL PROTECTED]
technical director 251 Liverpool Road | need a Hand?
London N1 1LX | +UK 20 7700 2487
www.shadow.org.uk/products/newhand.shtml

