2010/7/20 Joerg Sonnenberger <[email protected]> > > That's especially galling for software where there are real security > > considerations: suppose you find a flaw in the algorithm--you can't > > fix it? > > You mean like Debian fixed the usage of uninitialized variables in > OpenSSL? In the cryptographic community the need to "fix" an algorithm > is generally considered a good sign to stay away from the algorithm > completely. Can you name a case where an algorithm was fixed and the > result was actually a stronger algorithm? >
I thought some people "fixed" the endian issues in blowfish in order to make it possible to send messages between different endian'ed machines. Perhaps so simple as "switch the input before doing blowfish on it" but still changing the general input/ouput in order to make it "better", if you define better as "works between different hosts". > -- > To our sweethearts and wives. May they never meet. -- 19th century toast
