On Sun, Sep 27, 2009 at 02:23:16PM -0700, Fuzzy Hoodie-Monster wrote:
As usual, I tend to agree with Peter. Consider the time scale and
severity of problems with cryptographic algorithms vs. the time scale
of protocol development vs. the time scale of bug creation
attributable to complex
On Mon, Sep 7, 2009 at 6:02 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
That's a rather high cost to pay just for the ability to make a crypto fashion
statement. Even if the ability to negotiate hash algorithms had been built in
from the start, this only removes the
Thor Lancelot Simon t...@rek.tjls.com writes:
I think we're largely talking past one another. As regards new horrible
problems I meant simply that if there _are_ new horrible problems such
that we need to switch away from SHA1 in the TLS PRF, the design mistakes
made in TLS 1.1 will make it
Perry E. Metzger wrote:
Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.
In order to roll out a new crypto algorithm, you have to roll out new
software. So, why is anything needed for pluggability
On Tue, 25 Aug 2009, Ben Laurie wrote:
In order to roll out a new crypto algorithm, you have to roll out new
software. So, why is anything needed for pluggability beyond versioning?
If active attackers are part of the threat model, then you need to
worry about version-rollback attacks for as
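The version-rollback concern raised in that reply, as an added example that is not code from the thread or from any of its participants: a toy two-message negotiation in Python, with a pre-shared key standing in for a real key exchange (assumption), in which an active attacker rewrites the client's offer so the server picks the weaker hash. When the Finished MAC covers only the server's choice, the downgrade goes unnoticed; when it covers the whole transcript, the two sides' views differ and the client rejects. Names (`ClientHello`, `choose`, `strip_strong`) and the message format are invented for illustration and are not TLS.

```python
"""Toy algorithm negotiation: why versioning alone is not enough once an
active attacker is in the threat model.  Constructed example, not TLS and not
code from the mailing-list thread.  A pre-shared key (assumption) stands in
for whatever key exchange a real protocol would perform."""
import hashlib
import hmac
import json

PSK = b"constructed-pre-shared-key"            # assumption: both sides already hold this
PREFERENCE = ["sha256", "sha1"]                # server's order, strongest first
HASHES = {"sha256": hashlib.sha256, "sha1": hashlib.sha1}


def encode(msg: dict) -> bytes:
    """Canonical, deterministic encoding so both sides MAC identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def choose(offer: list) -> str:
    """Server picks the first algorithm in its own preference list that the client offered."""
    for alg in PREFERENCE:
        if alg in offer:
            return alg
    raise ValueError("no common algorithm")


def finished_mac(alg: str, transcript: list) -> bytes:
    """Keyed MAC over a list of handshake messages, using the negotiated hash."""
    return hmac.new(PSK, b"".join(encode(m) for m in transcript), HASHES[alg]).digest()


def run_handshake(mitm=None, transcript_binding=True):
    """Return (negotiated_algorithm, client_accepted).

    mitm: optional function that rewrites the ClientHello while in flight.
    transcript_binding: True binds the Finished MAC to every message both
    sides saw (the fix); False MACs only the server's choice, which is what
    'just put a version number on it' amounts to.
    """
    client_hello = {"type": "ClientHello", "offer": ["sha256", "sha1"]}
    client_view = [client_hello]                       # what the client actually sent

    on_the_wire = mitm(client_hello) if mitm else client_hello
    server_view = [on_the_wire]                        # what the server actually received
    chosen = choose(on_the_wire["offer"])
    server_hello = {"type": "ServerHello", "chosen": chosen}
    server_view.append(server_hello)
    client_view.append(server_hello)

    if chosen not in client_hello["offer"]:
        return chosen, False          # even the naive design rejects an algorithm it never offered

    if transcript_binding:
        server_fin = finished_mac(chosen, server_view)
        client_expect = finished_mac(chosen, client_view)
    else:
        # Naive design: only the choice is authenticated, so a rewritten
        # offer is invisible to the client as long as it also listed 'sha1'.
        server_fin = finished_mac(chosen, [server_hello])
        client_expect = finished_mac(chosen, [server_hello])
    return chosen, hmac.compare_digest(server_fin, client_expect)


def strip_strong(hello: dict) -> dict:
    """Active attacker: delete everything but the weakest algorithm from the offer."""
    return {**hello, "offer": ["sha1"]}


if __name__ == "__main__":
    print("honest:            ", run_handshake())
    print("rollback, naive:   ", run_handshake(mitm=strip_strong, transcript_binding=False))
    print("rollback, bound:   ", run_handshake(mitm=strip_strong, transcript_binding=True))
```

The example only shows detection of a tampered offer; because the MAC is keyed with a secret, it stays a valid MAC even under the weaker hash. In a real protocol the negotiated hash also feeds the key derivation, which is the part of the design the rest of the thread is arguing about.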
Ben Laurie wrote:
Perry E. Metzger wrote:
Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.
In order to roll out a new crypto algorithm, you have to roll out new
software. So, why is anything needed
On Tue, Aug 25, 2009 at 12:44:57PM +0100, Ben Laurie wrote:
Perry E. Metzger wrote:
Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.
In order to roll out a new crypto algorithm, you have to roll
On Tue, Aug 25, 2009 at 12:44:57PM +0100, Ben Laurie wrote:
In order to roll out a new crypto algorithm, you have to roll out new
software. So, why is anything needed for pluggability beyond versioning?
It seems to me protocol designers get all excited about this because
they want to design
Perry E. Metzger wrote:
Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.
Ben Laurie wrote:
In order to roll out a new crypto algorithm, you have to roll out new
software. So, why is anything
James A. Donald jam...@echeque.com writes:
Getting back towards topic, the hash function employed by Git is
showing signs of bitrot, which, given people's desire to introduce
malware backdoors and legal backdoors into Linux, could well become a
problem in the very near future.
I believe