The state of crypto products

Sep. 29th, 2003 03:57 pm
ciphergoth: (Default)
[personal profile] ciphergoth
Just read this story on Slashdot, so in curiosity I downloaded the paper. And I have to echo and extend comments Peter Gutmann made about the state of crypto under Linux: when you hear about a product that uses crypto, open source, Linux based or otherwise, just assume that the crypto is woefully cack-handed rubbish from someone who's read Applied Cryptography if that.

ssh v2 is mostly OK. TLS (SSL v3.1) is mostly OK. GPG is mostly OK. IPSec is mostly OK. I don't know of anything else that people in the field think well of.
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2003-09-30 08:34 pm (UTC)
From: [identity profile] pavlos.livejournal.com
Why is this? I mean I understand how software bugs or design mistakes actually arise, but why does the problem exist overall? I would have expected the field to have the following properties:
  • Really slow introduction of new designs.
  • Only a handful of designs actively in use.
  • Very clear designs, at the expense of other factors.
  • Much activity in qualifying and fine-tuning existing designs.
What you are saying suggests the opposite. is it straightforward cluelessness, or that no-one has figured the right sort of abstraction to reuse and refine cryptosystems they way you can ciphers?

Pavlos

  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

ciphergoth: (Default)
Paul Crowley
My Website

January 2025

S M T W T F S
   1234
5678 91011
12131415161718
19202122232425
262728293031 

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Dec. 24th, 2025 03:56 pm
Powered by Dreamwidth Studios