A bit concerned about relying on claims made in unpublished crypto papers
Posted Aug 25, 2012 10:10 UTC (Sat) by paulj (subscriber, #341)
Parent article: Forward secure sealing
To echo points made by dlang elsewhere in this thread...
Does anyone else find it a bit disconcerting that a security feature is being pushed based on unpublished crypto? New cryptographic protocols often will have subtle features to them, if not flaws, that have significant implications for operators/implementors, but which take time for researchers to discover.
Very strong security claims are being made for this new technology, based on a worryingly early stage of the academic peer review process (it apparently hasn't even gotten past the first stage of that yet). This is unsettling...
A bit concerned about relying on claims made in unpublished crypto papers
Posted Aug 25, 2012 13:51 UTC (Sat) by Fowl (subscriber, #65667)
It doesn't seem to me to be very novel, just a rearrangement of well-known, understood and time-tested primitives.
The implementation will almost certainly have bugs of course, but all software does. If your security depends on this feature you must evaluate it yourself.
A bit concerned about relying on claims made in unpublished crypto papers
Posted Sep 7, 2012 9:55 UTC (Fri) by paulj (subscriber, #341)
just a rearrangement of well-known, understood and time-tested primitives.
Agreed, hence why I wrote "new cryptographic protocols". I meant that this is a new protocol using cryptography, not new cryptographic protocols. Sorry. Although, exactly what the protocol is is unclear. It seems you need to read the code to figure that out (?).
A bit concerned about relying on claims made in unpublished crypto papers
Posted Sep 7, 2012 10:29 UTC (Fri) by paulj (subscriber, #341)
Gah... s/\(not new cryptographic\) protocols/\1 primitives/