[85748] in cryptography@c2.net mail archive
Re: More info in my AES128-CBC question
daemon@ATHENA.MIT.EDU (Ivan Krstić)
Fri Apr 20 13:20:02 2007
Date: Fri, 20 Apr 2007 12:27:17 -0400
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: Aram Perez <aramperez@mac.com>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <3586730C-0112-1000-837D-F5675E8BEF3F-Webmail-10019@mac.com>

Aram Perez wrote:
> The proposal for using AES128-CBC with a fixed IV of all zeros is for
> a protocol between two entities that will be exchanging messages.
> This is being done in a "standards" body (OMA) and many of the
> attendees have very little security experience.

We don't let a bunch of random people design airbags. How on earth is it
a good idea to let a random bunch of people design crypto protocols? Is
this the same bunch of people that will be shocked, just SHOCKED when
someone demonstrates that their design is idiotic and doesn't protect
anyone or anything?

No, really, that people with "very little security experience" feel
comfortable doing this kind of work just boggles my mind. Please
congratulate everyone involved, and remind them to always use their PPTP
VPN over their WEP-protected wireless.

--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | GPG: 0x147C722D