[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: Understanding of CryptoAPI
From:       "Sergei O. Ivanov" <sergiva () UNI-PADERBORN ! DE>
Date:       1996-11-21 13:57:04
[Download RAW message or body]


> Although trivialising the matter for a cheap laugh, I am concerned that there will be many
> like me offering opinions and decisions being made based upon such opinions of those
> who do not understand the underlying principles and 'standards' because encryption
> technology is being marketed in such a way as to hide the risks and dangers.

Pete, you are right about the crypto marketing strategies.
But, experts in the field are constantly analyzing these risks and dangers and all
the crucial results are regularly reported. See for example CryptoBytes, RSA Labs
technical newsletter, http://www.rsa.com  On the other hand, developers are
also involved in this process and are accomodating their developments to
the changing situation.

The other thing to keep in mind is that systems also need to be analyzed,
not just algorithms. Because, even if the algorithm is genuine, a bug in
random number generator, for example, may make the system vulnerable
to a very cheap attacks.

So, the problem here lies also in developing tests for such product components
and running them in multiple environments in order to find out possible weaknesses.
However, usage of component technology ala CryptoAPI essentially enhances
product stability and simplifies testing process.

Sergei

[prev in list] [next in list] [prev in thread] [next in thread]