The state of crypto products

[ciphergoth]

Just read this story on Slashdot, so in curiosity I downloaded the paper. And I have to echo and extend comments Peter Gutmann made about the state of crypto under Linux: when you hear about a product that uses crypto, open source, Linux based or otherwise, just assume that the crypto is woefully cack-handed rubbish from someone who's read Applied Cryptography if that.

ssh v2 is mostly OK. TLS (SSL v3.1) is mostly OK. GPG is mostly OK. IPSec is mostly OK. I don't know of anything else that people in the field think well of.

Comments

[ciphergoth.livejournal.com]

I'm not really making a point about open versus closed source software - see my reply to Pavlos. For one thing I'm really talking about protocol design rather than implementation, and terms like "open source" don't exactly apply to protocols (though they can apply to the protocol documentation). Also it's unclear to me how "commercial input" affects a thing's status as open or closed source.

IPSec sprang from IPv6 and was later back-ported to v4.

[giolla.livejournal.com]

As far as the open/closed source thing goes I was just pointing out that at least half of the OSS crypto things you listed have commercial roots.

Which leaves OSS crypto looking even iffier, as what you actually have is:
"OSS crypto is mostly ok when it's implementing things developed in the commercial world."
SSH V1 was not terribly good, V2 was much better and was a commercial development.

The Commercial input comment was because I can't now recall the history of IPSec, but AFAIR it borrowed heavily from commercial products such as SunScreen. So yes the final thing is opensource but based on closed source development which leaves GPG as the only "mostly ok" crypto to have actually come from the world of open source, the rest being "OpenSource copies closed source"

Which doesn't hugely support the idea that CSS crypto "sucks much worse for the most part".

[ephermata.livejournal.com]

The thing to remember with IPSec is that it came out of the IETF. The IETF has a remarkably open process, but most of the people involved are employed by companies. So there are occasionally conflicting loyalties and hidden agendas. At the same time, you have a lot of very smart people trying their best to put together something that works well enough. The resulting process is...interesting. I don't think it would be accurate to characterize it solely as either "open source" or "closed source." It's just IETF.

Someone could write a book on the IETF and security protocols. I am not that person. The closest I've seen to analyzing what goes on are some comments in the Perlman, Kaufman, and Speciner book about the genesis of IKE. Eric Rescorla also had some comments in his presentation on "The Internet is Too Secure Already," but I don't know if he's written them down in more concrete form.