[cryptography] preventing protocol failings

Jon Callas jon at callas.org
Tue Jul 5 02:11:12 EDT 2011

On Jul 4, 2011, at 10:10 PM, coderman wrote:

> H3 should be Gospel: "There is Only One Mode and it is Secure"
> anything else is a failure waiting to happen…

Yeah, sure. I agree completely. How could any sane person not agree? We could rephrase this as, "The Nineties Called, and They Want Their Exportable Crypto Back." Exportable crypto was risible at the time and we all knew it.

But how is this actionable? How can I use this principle as a touchstone to let me know the right thing to do. I suppose we could consider it a rule of thumb instead, but that flies in the face of making it "Gospel."

Rather than rant, I'll propose a practical problem and pose a question.

You're writing an S/MIME system. Do you include RC2/40 or not? Why?

Hint: Gur pbeerpg nafjre vf gung lbh vaqrrq fubhyq vapyhqr vg. Ohg V yrnir gur jurersberf nf na rkrepvfr. Ubjrire, guvf uvag vf nyfb n zrgn-uvag nf gb gur ernfbaf jul lbh fubhyq vapyhqr vg.


More information about the cryptography mailing list