On Tue, Apr 22, 2014 at 11:40:58AM +0000, Edward Ned Harvey (blu) wrote: > > From: [email protected] [mailto:discuss- > > [email protected]] On Behalf Of Tom Metro > > > > Being open source [...]. It's > > is merely a necessary precondition for determining that crypto is > > trustworthy. > > Sorry, but this statement is simply false.
Anything involving security or encryption is rarely simply anything. > Tell me the difference between the AesManaged class library, when I > run it under closed-source .NET, and when I run it under open-source > mono? There is literally no difference. It's a standard, > deterministic library with literally the exact same binary output > given the same input. Closed or open is irrelevant, because the > behavior is standard, published, verifiable, deterministic. Hogwash. The difference is interested, qualified parties can't inspect the implementation to see if, say, using a particular key won't make the implementation upload logs of all your transactions to a black hat site, or download kiddie porn to your hardrive, etc.. If you can't inspect it, you can't trust it. Period. > > Using a proprietary library that implements an open *standard* is way > > better than one where the developer decided to roll his own crypto > > algorithm. > > Nobody rolls his own crypto algorithm. And I mean nobody. > > Everybody, and I mean everybody, uses a standard library implementation of an > open standard. This is also utter nonsense. http://books.google.com/books?id=GToEAAAAMBAJ&pg=RA1-PA117&lpg=RA1-PA117&dq=insecure+proprietary+encryption+algorithm&source=bl&ots=mu7p4S2lrF&sig=o-0RjkKNIiJW8zkc0koyxz9O3o0&hl=en&sa=X&ei=b4lWU6KuMo6-sQTRiIDYBg&ved=0CG4Q6AEwCQ#v=onepage&q=insecure%20proprietary%20encryption%20algorithm&f=false It took me ~5s to prove that statement wrong. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
_______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
