Saqib Ali wrote:
> Since when did AES-128 become "snake-oil
crypto"? How come I missed
> that? Compusec uses AES-128 . And as far as I know AES
is NOT
> "snake-oil crypto"
Saqib,
I believe you are correct as to the algorithm, but the
snake-oil
is in the implementation,
As I have often said, "A misplaced comma in an English
sentence
will merely get you a bad reputation as a writer, however, a
misplaced comma in a nuclear weapons project may leave an
enduring mark on the world."
Algorithms can be perfect and implementation sloppy. If you
can
review the code you might find the problem, but with
proprietary
code, fergetit.
>
> Closed-source doesn't mean that it is
"snake-oil". If that was the
> case, the Microsoft's EFS, and Kerberos implementation
would be "snake
> oil" too.
As I recall there have been a few problems with Kerberos in
the past.
Best,
Allen
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomo metzdowd.com
|