[13369] in cryptography@c2.net mail archive
Re: Re: Nullsoft's WASTE communication system
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Sat May 31 11:03:53 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cypherpunks@einstein.ssz.com>,
"Bill Stewart" <bill.stewart@pobox.com>,
"cypherpunks" <cypherpunks@lne.com>, <cryptography@metzdowd.com>
Date: Fri, 30 May 2003 13:08:01 -0700
----- Original Message -----
From: "R. A. Hettinga" <rah@shipwright.com>
Subject: CDR: Re: Nullsoft's WASTE communication system
> It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
> wonder how *that* happened...
It should've been pulled for several reasons. The primary one being that it
is basically worthless securitywise. It uses RSA PKCS#1 v1.5 (the one
everyone seems to pick on, and always seems to find a way to be insecure),
Blowfish which supplied a maximum of 150-some gigabytes before insecurity
(birthday paradox), used PCBC which only serves one function and that's
having the longest name. MD5 which should be retired. In short
cryptographically it simply wasn't any good. Now if it was pulled bacause
AOL decided to pull it, I don't have a problem with that.
Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
