Re: Structure of Primes

From: Tom St Denis (tomstdenis_at_gmail.com)
Date: 05/13/05 

Date: 13 May 2005 10:08:59 -0700

Pubkeybreaker wrote:
> Once again Tom opens his mouth in ignorance and inserts his foot.
>
> Raytheon does NOT, repeat, NOT use your library. While some
> individuals
> may have downloaded it for their own purposes, it can not be used in
> any
> corporate products because of very stringent Federal (and CMMI)
> guidelines
> for software development.
>
> Of course it takes someone like Tom, in his ignorance, to leap to the
> conclusion
> that because someone at my company downloaded it, we must be using
it.

Ues can take on various forms. We use it here at Elliptic to test the
hardware against vectors. Often standards only provide 1 [maybe if
we're lucky a half dozen] vectors. That's hardly enough. So we use
OpenSSL/LibTomCrypt/etc to test.

Just because it doesn't end up in your end product doesn't mean you
haven't gained something from it.

> As for need to know what o(1) means to implement "it" properly
> (whatever
> you intended to be the antecedent of the word "it") I am simply
saying
> that
> professional security people can not trust software written by
someone
> who
> is relatively ignorant of the basic underpinnings of the problem
> domain.

Why? It doesn't come up. In RSA as an implementer all I care about
are what size the primes should be. I don't care how QS or GNFS works
[as far as LTC is concerned].

> How can one write mathematically based software (except in cookbook
> fashion
> using cookbooks written by others) without understanding the math????

Well let's see. I can multiply with the best of them and the hardest
math course I took was OAC Alegbra in high school.

What's your fucking point?

> As for my "contributing to the field", I suggest you go read the 20+
> research
> papers I have written in cryptography, computational number theory,
> and
> analysis of algorithms. And I am also a participant and contributot
to
> (and have been)
> in many of the cookbooks I am sure you use. (x9.62 and x9.63 to cite
> just two; I could
> also name IEEE 1363, x9.31, x9.80, x9.44 etc.)

All well and said. How much software have you written? You say my
SOFTWARE is bad... how much software have you written that's even in
the same scope as LTC or LTM that you have then the right to say such
things.

> I am sure there is value to your coding efforts. But until your code
> has been subjected
> to a rigorous review by someone competent, it should not be used in
any
> serious
> or critical piece of security software. I am sure it is well suited
for
> academic and
> research applications.

Not disagreeing. Unfortunately short of paying out a lot of cash
nobody will review it. They'll certainly use it though...

> Let me know when your library gets FIPS certified [you can have it
> done!]. Then, your
> code(and perhaps you) will earn my respect. Until then, you are just
a
> coder who is
> under-educated in the domain in which you claim to work. And one who
> repeatedly
> makes erroneous pronouncements in this forum.

First, you can only FIPS binaries. Not source.

Second, I only distribute source, not binaries.

Third, I don't care for your approval.

Think about it. You're a well-educated, mature adult picking on a 23
year old with community college level education for not knowing the
finer details of complexity theory notation. Put things in
perspective. [going by the 20 years timeline you gave] ... I was three
years old when that was happening. How big you must feel that you can
triumph the theoretical math I know. Congrats, your older and more
educated. So what?

Tom

Quantcast