D&C GLug - Home Page


Re: [LUG] OT: NSA: Do they or don't they?

 

On Sat, 7 Sep 2013, Mark Evans wrote:
> Bad cryptography, by either accident or design, is far more likely
> with proprietary than open source software too.

I'm not sure if it's more likely. What matters is that with open source software you are able to verify the source code for accidental or intentional weaknesses.

At least in principle. In practice the fact that backdoors (or at least weaknesses) have made it into standards should show that it's not particularly easy to do so.

Also, thankfully, public-key cryptography has an inherent openness so you can usually make a good judgement on the security of the crypto used, without seeing the code. See also Kerckhoffs's principle:

 http://en.wikipedia.org/wiki/Kerckhoffs's_principle

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq