On Tue, Sep 28, 2010 at 12:49 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Ye gods, how can you screw something that simple up that much? They use the > appropriate, and secure, HMAC-SHA1 and AES, but manage to apply it backwards! I guess they just follow SSL. BTW, they screw up more badly in other places. Download .NET Reflector, decompile .NET source, and do a grep 'DecryptString', you'll see at least three places where they don't even use a MAC at all. Thai. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com