Re: The importance of IVs
From: mobius30 (mobius30_at_hushmail.com)
Date: 08/27/05
- Next message: Regis: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Previous message: Paul Rubin: "Re: Theoretical limits for password length"
- In reply to: Regis: "Re: The importance of IVs"
- Next in thread: Regis: "Re: The importance of IVs"
- Reply: Regis: "Re: The importance of IVs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Aug 2005 12:31:54 -0700
Regis wrote:
>"So yeah, forget about the IV problem. What I found even more
>disturbing is the sheer number of these libraries out there that are
>so badly assembled that they're not even what they claim to be. For
>instance, a library containing AES and Blowfish (for example), SHOULD
>be able to give you actual AES and Blowfish encryption. This is a
>no-brainer. But in my findings, it turns out that in many cases,
>you're not getting AES, nor are you getting Blowfish. So what are you
>getting? Essentially a faulty implementation which can range in
>seriousness from being somewhat buggy, to being completely insecure."
So, what you're saying is basically "If you want something done right,
do it yourself?"
This is the frightening conclusion I don't want to come to....
- Next message: Regis: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Previous message: Paul Rubin: "Re: Theoretical limits for password length"
- In reply to: Regis: "Re: The importance of IVs"
- Next in thread: Regis: "Re: The importance of IVs"
- Reply: Regis: "Re: The importance of IVs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
