[cryptome] Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott

  • From: "taxakis" <taxakis@xxxxxxxxx>
  • To: <cryptome@xxxxxxxxxxxxx>
  • Date: Thu, 16 Jan 2014 17:32:29 +0100


>     -----Original Message-----
>     From: cryptography [mailto:cryptography-bounces@xxxxxxxxxxxxx] On
>     Of John Young
>     Sent: Thursday, January 16, 2014 4:29 PM
>     To: cryptography@xxxxxxxxxxxx; cryptography@xxxxxxxxxxxxx;
>     cryptome@xxxxxxxxxxxxx
>     Subject: Re: [cryptography] [Cryptography] Boing Boing pushing an RSA
>     Conference boycott
>     Punishing RSA is work for bloodthirsty media and its fans. Public
>     needs much better to offer the public than entertaining evanescent
>     revenge.
>     3DES is intriguing. Publicizing a list of other well-tested
>     ciphersystems would be constructive alternatives to "nothing can be
>     done, authority always wins." Public loss of trust in any comsec and
>     crypto is ever present.
>     As a consumer, I want you to give me something useable and reliable
>     ordinary use not weapons-grade illusion of infallibility. Ban the use
>     "unbreakable." Stop tinkering with old reliable OTP with digital
>     simulacra. Stop blaming users for faulty implementation.
>     Civil engineers never say a dam is infallible, they say it will fail,
>     watch for well-known weak spots, prepare to patch and maintain
>     continuously, and never forget the disasters of over-confidence,
>     construction budgets, cut backs in maintenance, and water policy
>     exploiters.
>     Earthen dams without sluices, relying upon mass and gravity, outlast
>     reinforced concrete "monoliths" perforated with umpteen ways to
>     the water flow, nowadays usually to run more server farms near
>     hydropower facilities.
>     I'd like an earthen dam crypto tool I can watch myself for leaks.
>     I got PGP 2.6. Anything better that is not reliant up commercially
>     biased assurances?
>     BTW, why is PGP Inc and IBM Inc not being bashed like RSA Inc?
>     At 01:26 AM 1/16/2014, you wrote:
>     >At 12:48 PM 1/15/2014, Phillip Hallam-Baker wrote:
>     >>What then should we do about all the folk clinging to 3DES? How
>     >>the people who stuck with MD5? How about the people who have not
>     >>junked SHA-1?
>     >
>     >Ignoring Phill's perfectly reasonable main point, what's wrong with
>     3DES?
>     >Sure, it's clunky, takes lots of bit-twiddling, is a good bit slower
>     >and larger than AES, and only gives you ~112 bits of security for
>     >168 bits of keys, but is there anything wrong with it other than
>     >not as good as some of the alternatives?  (Ok, and maybe a bit of
>     >analysis risk, depending on your
>     >implementation.)  It's not like MD5 where there are theoretical
>     >that make it much weaker?
>     >
>     >_______________________________________________
>     >The cryptography mailing list
>     >cryptography@xxxxxxxxxxxx
>     >http://www.metzdowd.com/mailman/listinfo/cryptography
>     _______________________________________________
>     cryptography mailing list
>     cryptography@xxxxxxxxxxxxx
>     http://lists.randombit.net/mailman/listinfo/cryptography

Other related posts: