Encryption and risk
markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org
markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org
Tue Oct 6 07:57:51 EDT 2009
I was thinking about this over night, and it really is both funny *and*
instructive for those with little security experience.
There is practically no way to come up with a usable 100% secure system.
There will always be an exploit. If not through the encryption algorithm
itself, through the implementation.
Take AES, and while my info may be dated, I still assume that it has not
been breeched algorithmically, but the breaches that have been seen have
been around implementations. The end result is the same, of course.
MD5 has been broken. That was always mathematically possible, just highly
improbable. GHZ processors make improbable somewhat more "likely."
If someone has custody of encrypted data for any non-trivial length of
time, you have to assume it can be broken.
> On Sat, Oct 3, 2009 at 12:23 PM, Mark Woodward <markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org>
> wrote:
>> Anyway, anyone interested in writing a really easy library as an open
>> source project?
>>
>> It should have:
>> Easily installable service modules
>> SSL/TLS Sockets
>
> please read
> http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html
> to avoid creating security holes.
>
>
> --
> Bill
> n1vux-WYrOkVUspZo at public.gmane.org bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
>
More information about the Discuss
mailing list