Linux Crypto Packages Demolished

← Back to Stories (view on slashdot.org)

Linux Crypto Packages Demolished

Posted by simoniker on Monday September 22, 2003 @10:19AM from the security-is-all-relative dept.

SiliconEntity writes "Cryptographer and security expert Peter Gutmann has demolished several Linux security software packages in a recent posting to the cryptography mailing list. He says, 'It's possible to create insecure 'security' products just as readily with open-source as with closed-source software. CIPE and vtun must be the OSS community's answer to Microsoft's PPTP implementation. What's even worse is that some of the flaws were pointed out nearly two years ago, but despite the hype about open-source products being quicker with security fixes, some of the protocols still haven't been fixed.'"

13 of 404 comments (clear)

What a great Quote by G+Money · 2003-09-22 10:19 · Score: 5, Funny

I wish I could make this my signature (damn 120 char limit):

"Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment."
--Peter Gutmann
1. Re:What a great Quote by charon_on_acheron · 2003-09-22 10:25 · Score: 3, Funny
  
  Only if you post anonymously though. See....
  
  Anonymous Signature to follow
  --
  Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment."
  --Peter Gutmann
Use the trustworthy stuff by Anonymous Coward · 2003-09-22 10:20 · Score: 5, Funny

I only use the Cyrillic Projector code. No one ever will crack that.
1. Re:Use the trustworthy stuff by Anonymous Coward · 2003-09-22 11:22 · Score: 1, Funny
  
  Did I miss something? I don't think any one Ever broke the code yet. So what he says stands.
  
  Who's on first?
Oh no! by Compact+Dick · 2003-09-22 10:22 · Score: 3, Funny

Demolished? Where am I now gonna get my SSH and GPG from? :-(

--
Use ISO 8601 dates [YYYY-MM-DD]
D'oh by charon_on_acheron · 2003-09-22 10:29 · Score: 3, Funny

I checked the wrong damn box.

I hate Mondays.
Hot News by tarquin_fim_bim · 2003-09-22 10:33 · Score: 4, Funny

Unmaintained software........unmaintained.

In other news, Bear shits in woods.
Re:Ah.... reminds me of the early days. by Anonymous Coward · 2003-09-22 10:58 · Score: 2, Funny

The fact that you refer to "back in the day" as a time when the Gimp was available makes me feel very, very old.
Wow by Anonymous Coward · 2003-09-22 11:13 · Score: 0, Funny

Two crypto tools, wanna-be PPTP alternatives, demolished. That leaves Linux with at least 6234234342372589255787895478 more.
Re:CIPE by kidlinux · 2003-09-22 11:17 · Score: 4, Funny

But when the industry is dominated by products from Microsoft, it doesn't take much to be "Industry Strength"!

Given that, one would think industry strength implies insecurity!

Don't let my alias throw you off, I'm not about bashing Microsoft, but this was just too easy ;)

--
-kidlinux.
Re:Give this man a PhD! by ceejayoz · 2003-09-22 12:09 · Score: 2, Funny

If CIPE were closed source, would he have even been able to write this article?

Yeah, 'cuz Windows being closed source prevents people from finding security vulnerabilities and writing articles on them...
Re:+5 Insightful? by DeltaSigma · 2003-09-22 12:13 · Score: 2, Funny

Oh my god! Which ones the intelligent one?! Which one's questioning open source!? Who's the troll?! I need an adult!
Re:I HATE MAC'S by Anonymous Coward · 2003-09-22 12:54 · Score: 1, Funny

It's not Macs that you hate, but your own incompetence. I would like to sympathize with you but that's beyond my own competence I'm afraid.