John Gilmore wrote: Phil thinks I misunderstood/misrepresented him. >His statement
><begin extract> >But in the real world, such assumptions often don't apply, and so even >relatively weak crypto can be de facto quite secure. ></end extract> >immediately following the one about DES that I quoted earlier suggests >otherwise to me. I am delighted that he does not in fact judge DES >effective. >I reacted to his comments as I did because their "realist" flavor >troubled me. On-line systems are in crisis; and this crisis---It was >wholly predictable and was indeed predicted---is an outgrowth of a >pervasive notion that the manifestly inadequate is enough. >Two major retail chains have now lost the confidence of their most >valuable customers, and they will not be the last organizations to >find themselves in this situation. In these circumstances it seems >to me that we have had enough expressions of what seems to me to be >crackpot realism about security and encryption. >None of this, of course, is intended to suggest that Phil is not >entitled to have and express his own, very different views. OK, I see what you mean. I didn't *mean* it that way - by 'quite secure' I meant, 'A lot harder to crack than oh-so-weak 56-bit DES would seem'. I did NOT mean 'Sufficiently secure that anyone should use it'. So, yeah. As for "manifestly inadequate is enough"-great phrase; is it yours? I like it. And of course you're right. Thanks for hanging in there to a meeting of minds... ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
