[unisog] OT: Putting Encyption Functions in the HDDs
r.kerr at cranfield.ac.uk
Fri Apr 28 11:23:58 GMT 2006
On Thu, 2006-04-27 at 18:50 -0500, Cosmin Stejerean wrote:
> I would like to see more public discussion and involvement of security
> researchers before another other solutions claim to solve problems
> using cryptography. Cryptography and related issues are pretty hard to
> get right the first couple of times (MD*5*, SSL*2*, Kerberos *5*, NTLM
> *2*, WPA*2* and the list goes on).
Make that SSL*3* - SSLv2 is pretty broken too.
Bear in mind though that the design of many of these protocols did
involve security researchers at the time they were implemented. That
doesn't necessarily stop future researchers using new methodologies
finding flaws that could never have been envisioned at the time of
creation. Getting crypto right is hard even for the experts, which makes
it near impossible for the rest of us.
More information about the unisog