[cryptography] European report says many crypto protocols have problems

Krisztián Pintér pinterkr at gmail.com
Mon Nov 4 17:50:37 EST 2013


Peter Gutmann (at Monday, November 4, 2013, 1:40:26 AM):

> Then it deprecates PKCS #1 v1.5 (which pretty much the entire
> planet uses) because it doesn't have a security proof, while recommending a
> bunch of exotic alternatives that more or less nothing uses.

what is the purpose of academic research? we don't want the academia
to reinforce the public opinion. we want them to speak the truth,
whether it is popular or not. they have to give us the goals. and the
industry have to decide how fast we want to incorporate knew knowledge
in our practices.

history shows that many times we opt to continue with the old
protocol, and then we burn ourselves. just recently, millions of
passwords were stolen from amazon. it was a legacy system kept alive
to keep obsolete systems alive. we need to learn the lesson.
cryptographers are not tinfoil hat crazy persons. you follow what they
praise, or you get hacked in the next month or the next year. you have
no excuse. you have been warned. you act now, or face consequences
later.

moral of the story: math can not be defied. we all bullied that thick
glass "idiot savant". but it stopped working after high school. in
adulthood, thick glass mathematicians tell you what works and what
does not. time to get rid of pride. or fail.




More information about the cryptography mailing list