> Cryptographically suspect
> authentication mechanisms?
>
> Because they won't divulge their code?? I hardly view this as suspect. Last
> thing I want is for people to know how I encrypt/authenticate something.
Whoa, I'll try to keep my sense of tact here, and direct you to what
happens when Microsoft keeps their crypto secret:
http://www.counterpane.com/pptp.html
http://www.counterpane.com/pptpv2-paper.html
This is a document written by Bruce Schneier, often regarded as the
foremost cryptographer in the industry, and how he managed to crack both
versions of
PPTP.
This blurb from wired.com sums it up best:
With relative ease, intruders can exploit the flaws, Schneier said,
which he summarizes as weak authentication and poor encryption
implementation. The result is that passwords can be easily compromised,
private information can be disclosed, and servers used to host a virtual
private network, or VPN, can be disabled through denial-of-service
attacks, Schneier said.
"It's kindergarten cryptography. These are dumb mistakes," Schneier
said.
http://www.wired.com/news/technology/0,1282,12629,00.html
And to think people were relying on this, thinking that their VPN to
their remote network was secure.
AES, on the other hand, developed by the best cryptographers in the
world, was developed in an open form.
Pretty much off-topic, but I really thought it was important to present
the other side...
Regards,
Dave
--
Dave Wreski
Corporate Manager Guardian Digital, Inc.
(201) 934-9230 Pioneering. Open Source. Security.
[EMAIL PROTECTED] http://www.guardiandigital.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
