[LUG] Thoughts on crypto engineering

To: "dclug.org.uk" <list@xxxxxxxxxxxx>

Subject: [LUG] Thoughts on crypto engineering

From: Philip Hudson <phil.hudson@xxxxxxxxx>

Date: Tue, 10 Sep 2013 16:18:41 +0100

Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to:content-type; bh=+n5AInxcLfyzdowpPYqzqxEZ/32aen8H9Okx3FwmKCA=; b=YeCGixTKLrLwWhdaVogGDFb3R744ElZTt3ouzjzV6EXG+k6M8SauocjI4KIsnbkmXR gY0xFQl7VYK3eiENsbEYjyYDkV6156nFTvyOCSDF+vfp6MmbSV89EZOvAZJNIXZ+3xyU jIS1fyOSh+yKVE4BEZboMOJgpEvig5Xk21ch/YhT6rNnV+Mvl4ZLjYp16EXMnSNEisrg /qlNkKeCt/x/xfYbfmS+2jfLrW62qctUYuoRfSRr2qswoI47yTt22emcVQzU5BSIJBZE ExQpyJmZXCxmhl0ordbGnwF8nb6BlKhhrR0Fyb7z2lDyrx4814BHIEfZ7vL0MIf8hrVa 9UoA==

I think this is actually a link from Martijn in an earlier message - open browser tab, can't recall when/how I opened it. Anyway:

"Of the libraries above, Microsoft is probably due for the most scrutiny. While Microsoft employs good (and paranoid!) people to vet their algorithms, their ecosystem is obviously deeply closed-source. You can view Microsoft's code (if you sign enough licensing agreements) but you'll never build it yourself. Moreover they have the market share. If any commercial vendor is weakening encryption systems, Microsoft is probably the most likely suspect."

Somebody remind me why it's wrong to assume that Microsoft will always do evil because it will always be evil.

http://blog.cryptographyengineering.com/2013/09/on-nsa.html

--
Phil Hudson http://hudson-it.no-ip.biz
@UWascalWabbit PGP/GnuPG ID: 0x887DCA63