[148612] in cryptography@c2.net mail archive


Re: [Cryptography] RSA is dead.

daemon@ATHENA.MIT.EDU (ianG)
Mon Dec 23 02:37:21 2013

X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 10:30:17 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <alpine.LFD.2.02.1312221345390.5930@laptop.kerry-linux.ie>
Cc: Ralf Senderek <crypto@senderek.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 22/12/13 15:53 PM, Ralf Senderek wrote:
> On Sun, 22 Dec 2013, iang wrote:
>
>> What was RSA's job?  Their job was to serve their customers with secure
>> crypto.  They didn't, instead, they allowed an interested party to get
>> between them and the customers, which was an abrogation of their
>> self-claimed standard:
>>
>>   "Unlike alternatives such as open source, our technology is backed by
>> highly regarded cryptographic experts."
>
> Isn't the most obvious conclusion that no crypto tool can be secure if it
> is not open source? Even if there is no guarantee that the code is
> actually being scrutinized, the alternative - trusting the experts - is
> not really an alternative, if you cannot check what's going on.


I don't think so, but I agree it would be nice if it was so.  If you 
look at all the failures in cryptosystems, there might be a bias one way 
or the other but it isn't a slam dunk.

Open Source as a guarantee of security is really just the marketing of 
the open source folk.  It certainly helps but collecting those smart 
eyeballs isn't as easy as saying it.

iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
