Slashdot Mirror


User: GaryH

GaryH's activity in the archive.

Stories: 0
Comments: 3

Comments · 3

  1. Re:Crypto-nerdz (and the IP 92 paper) on Open-Source != Security; PGP Provides Cautionary Tale · · Score: 1
    Whoops. The paper is at http://www.aaa-mainstreet.nl/gary/faq-pgp.ps.

    But not for long (a few weeks).

    Enjoy.

    Gary@hotlava.com

  2. Crypto-nerdz on Open-Source != Security; PGP Provides Cautionary Tale · · Score: 1
    Crap. Counterpane and the rest of the crypto-nerdz out there just look for theoretical weaknesses in strong links (constantly trying to make strong links stronger), totally ignoring the other weaker links. They aren't interested in the non-crypto aspects of a system - they want to find flaws in the crypto itself, even if it's only a theoretical attack. So don't believe that Counterpane and the rest of the crypto-nerdz will find these problems.

    After all, the number of crypto-nerds staring at the pgp5 source code during source code scanning (rather than illegally exporting - there we go again - they want the legal loophole, not the practical attack), and during all bug hunting afterwards must have been in the hundreds, but yet this bug stays there for a year.

    And don't knock M$ here - have you seen some of the papers they've published? Did you know that Product Cipher works for them now (the author of Magic Money)? They have some of the top guys working for them, but these guys work on real world apps, rather than crypto-crap like untraceable money and new algorithms we don't need.

    On a related note, you might be interested to read a talk I gave at HIP 92 on PGP. I don't know whether they ever fixed the most serious problem, that of being able to undetectably modify/truncate unsigned but encrypted messages, and to be honest, I can't be bothered to check - give me S/MIME any day.

    Gary

  3. GTk is NOT AN OPTION - even a LGPL'ed Gtk on Motif's Not Dead · · Score: 1

    > And of course whatever we decide on as a standard will have to be GPL'd...

    Unless of course you want to write Free software (as in free to do what the hell you want with it, like incorporate it in commercial programs or programs with licences that can't be used with GPL) - we used Motif for exactly this reason - we weren't giving the source away, and weren't even prepared to ship with unstripped debuggable binaries - so even an LGPL'ed Gtk is out of the question.