On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote: > After reading Gutmann's short but to the point email a few points that > he made seemed obvious. Some of the flaws were not so obvious. CIPE > seemed to have some very simple flaws and some of the fixes were easy to > implement.
The CRC flaw is not easy to correct. > I found a some of it delivered in such a manner that would upset people > who were highly vested in the projects he was criticizing. Perhaps it was > the comment that I also found to be so amusing, something to do with > sound waves. Amusing as it may be, it's still quite harsh. Especially as some of the flaws (the replay attacks) are actually documented in the manual. > I then read through the posts on Slashdot that declared CIPE to be > dead. I found these to be really immature and silly considering the > nature of F/OSS. Maybe it's not dead, but I'd rather not use security software which is unmaintained. (Several people tried to reach Olaf and failed.) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
