On Mon, Jul 19, 2010 at 06:37:21PM -0400, STeve Andre' wrote: > On Monday 19 July 2010 18:26:15 Ted Unangst wrote: > > Free software you can't modify is not free software.
Algorithm != implementation (== software). > That's especially galling for software where there are real security > considerations: suppose you find a flaw in the algorithm--you can't > fix it? You mean like Debian fixed the usage of uninitialized variables in OpenSSL? In the cryptographic community the need to "fix" an algorithm is generally considered a good sign to stay away from the algorithm completely. Can you name a case where an algorithm was fixed and the result was actually a stronger algorithm? Avoiding weak keys for example is not a modification of an algorithm, it is just a more specific choice of choosing random keys. I am talking about actually modifying the encryption algorithm. Side note: the complain is also pointless because a modified algorithm wouldn't be interoperable anyway, making the point mood as well. Joerg
