Re: Good enough for crypto?

From: Paul Crowley (paul_at_JUNKCATCHER.ciphergoth.org)
Date: 11/28/03

  • Next message: Terry Ritter: "Re: Good enough for crypto?" 
    Date: 28 Nov 2003 10:51:55 +0000

    swilber@comscire.com (Scott Wilber) writes:
    > Paul Crowley <paul@JUNKCATCHER.ciphergoth.org> wrote in message news:<87fzgbbl73.fsf@saltationism.subnet.hedonism.cluefactory.org.uk>...
    > > swilber@comscire.com (Scott Wilber) writes:
    > > > I find it quite boring when someone posts a response merely for the
    > > > purpose of attacking. This may be entertaining for them, but it is
    > > > just a waste of time for most people. I will attempt to make a
    > > > reasonable reply anyway.
    > >
    > > This is very enlightening. I've wondered for a while whether the
    > > ComScire generators were good, but haven't had time to do a detailed
    > > investigation. Fortunately the way the manufacturers respond to
    > > expert technical criticism is the best determiner there is of snake
    > > oil.
    > >
    > > Clue: When someone like GGR criticises you, you start by thanking him
    > > for taking the time to examine your design.
    >
    > Fortunately, the government and military agnecies and large companies
    > around the world that have been using our generators for the past 8
    > years do not agree with your amazing powers of evaluation.

    Yes, and those things had inclined me one way, but your response to
    criticism inclines me strongly the other way. After all, it appears
    that the Department of Labor did pay real money for that
    extraordinarily bogus piece of snake oil, Meganet VME. So we know
    such buyers are far from infallible.

    An endorsement from the likes of GGR (or of course from the NSA) would
    mean a hell of a lot more to me than those that you give. Davies, for
    example, appears to be a statistician rather than a cryptographer.

    Of course, the VME example also shows that you don't need to put out a
    product that is good or well respected to make money. So perhaps your
    strategy of attacking those who give you expert criticism and lowering
    your standing in the crypto and security community will not be
    commercially harmful to you. But equally, your bottom line doesn't
    matter to me - it only matters to me what I say if I'm asked for
    advice on hardware random number generators. 

    -- 
  __  Paul Crowley
\/ o\ sig@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/
  • Next message: Terry Ritter: "Re: Good enough for crypto?"