
Thread: Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?




Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?
user name
2007-01-18 17:57:46
> Algorithms can be perfect and implementation sloppy. If you can
> review the code you might find the problem, but with proprietary
> code, fergetit.

I think you guys are missing the point. The term "Snake-Oil Crypto" refers to the algorithm and NOT the actual implementation. This is an "important" distinction.

I am copying Matt Curtain (who maintains Snake-Oil Crypto FAQ) and Bruce Schneier so that they can correct me if I am wrong.

We all know that many open crypto algorithms (like kerberos, AES) have been implemented in a sloppy manner in both the open-source and closed-source worlds. Being open source doesn't necessarily mean that the implementation is secure.

When is the last time you checked the code for the open source app that you "use", to make sure that it is written properly?

saqib
http://www.full-disk-encryption.net




On 1/18/07, Allen <netsecuritysound-by-design.com> wrote:
>
>
> Saqib Ali wrote:
> > Since when did AES-128 become "snake-oil crypto"? How come I missed
> > that? Compusec uses AES-128 . And as far as I know AES is NOT
> > "snake-oil crypto"
>
> Saqib,
>
> I believe you are correct as to the algorithm, but the snake-oil
> is in the implementation,
>
> As I have often said, "A misplaced comma in an English sentence
> will merely get you a bad reputation as a writer, however, a
> misplaced comma in a nuclear weapons project may leave an
> enduring mark on the world."
>
> >
> > Closed-source doesn't mean that it is "snake-oil". If that was the
> > case, the Microsoft's EFS, and Kerberos implementation would be "snake
> > oil" too.
>
> As I recall there have been a few problems with Kerberos in the past.
>
> Best,
>
> Allen
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com
>


-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net


Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?
user name
2007-01-22 10:40:27
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote:
>
> When is the last time you checked the code for the open source app
> that you "use", to make sure that it is written properly?

30 seconds ago. What mode is it using? How much information is encrypted under a single key? Was the implementation FIPS certified? And the list goes on. These are important issues.