[3446] in cryptography@c2.net mail archive
Re: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Sun Oct 11 21:46:52 1998
To: "Lucky Green" <shamrock@netcom.com>
Cc: <cryptography@c2.net>
From: Marc Horowitz <marc@cygnus.com>
Date: 11 Oct 1998 02:28:43 -0400
In-Reply-To: "Lucky Green"'s message of Sat, 10 Oct 1998 00:11:45 -0700
"Lucky Green" <shamrock@netcom.com> writes:
>> Now I believe that the key should never be generated in hardware
>> you didn't design and build yourself. There is just too much room
>> for virtually undetectable design errors, be they accidental or
>> deliberate, that will dramatically reduce the keyspace.
Once crypto becomes ubiquitous, most people will generate keys with
hardware and/or software they did not design and build themselves.
The vast majority of people will simply never understand cryptography
well enough for them to evaluate what's going on. If we're lucky,
they'll have someone they more or less trust to recommend the key
generation system to them.
It's important to keep in mind that we on this list are very much
unlike the users we hope to eventually have.
Marc
