[Dshield] Virtual Matrix Encryption Hoax?

Jay Wren JRWren at advnetworks.com
Tue Mar 26 15:40:48 GMT 2002


> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com]
> Sent: Monday, March 25, 2002 4:56 PM
> To: DShield mailing list
> Subject: Re: [Dshield] Virtual Matrix Encryption Hoax?
*snip*
> both systems). Any cryptosystem that relies on the secrecy of the
> algorithm has a severe weakness.


WHAT?  What else is there in a security system than the algorithm?  Policy.


But poor policy is to blame for far more security breaches than the
algorithm in any cryptosystem.  Sure MD5, or any other hash, is only half as
secure as they seem, but they are still excellent tools.  Finding a
duplicate hash on something is usually a non trivial task.  In this case a
duplicate on /bin/bash where specific functionality is necessary out of the
binary(hopefully) on which a duplicate is being seeked.

I respectfully disagree with your statement and argue that there are many
fine algorithms out there that will keep things plenty secure.  I propose
that any cryptosystem that is implemented with poor policy has a severe
weakness.

--
Jay R. Wren




More information about the list mailing list