On Mon, Jul 19, 2010 at 8:22 PM, Joerg Sonnenberger <[email protected]> wrote: > On Mon, Jul 19, 2010 at 06:37:21PM -0400, STeve Andre' wrote: >> On Monday 19 July 2010 18:26:15 Ted Unangst wrote: >> > Free software you can't modify is not free software. > > Algorithm != implementation (== software). > >> That's especially galling for software where there are real security >> considerations: suppose you find a flaw in the algorithm--you can't >> fix it? > > You mean like Debian fixed the usage of uninitialized variables in > OpenSSL? In the cryptographic community the need to "fix" an algorithm > is generally considered a good sign to stay away from the algorithm > completely. Can you name a case where an algorithm was fixed and the > result was actually a stronger algorithm? Avoiding weak keys for example > is not a modification of an algorithm, it is just a more specific choice > of choosing random keys. I am talking about actually modifying the > encryption algorithm. > > Side note: the complain is also pointless because a modified algorithm > wouldn't be interoperable anyway, making the point mood as well.
Bullshit. If blowfish had come with such retarded no-modification terms, we wouldn't have the bcrypt password hashing scheme we use today.
