On Fri, Jan 07, 2000 at 05:35:59PM -0500, Vin McLellan wrote:
| The idea that Microsoft was "forced" to use RSA implementation code
| is utterly absurd. Microsoft, as you probably know, has both an RSA patent
| license (which means they could code their own RSApkc, if they wished) and a
| BSAFE license. MS *chose* to use the BSAFE ciphersuites. (In doing so,
| IMNSHO, MS engineers locked in RSA crypto as the foundation of modern
| E-commerce.)

Vin,

To point to MS as a paragon of cryptographic implementation
expertise is at best silly. There are a *lot* of outstanding
cryptographers at Microsoft. There are also a lot of good engineers
there. But the code that they ship is, well, we all know about that.
Now, this doesn't mean that the BSAFE code, per se, is bad code. It
simply means you shouldn't try to use these folks as a reference.

I'll offer up the most recent example I'm familiar with, which
is totally broken use of RC4. They reused a keystream. Why you don't
do that is explained in crypto 101. Had they made any other
implementation choice, Todd Sabin's xor attack wouldn't have been
possible. So, to point to MS deciding to use BSAFE as evidence that
it's good code, well, the reductio ad absurdum is available at:
http://www.bindview.com/security/advisory/adv_WinNT_syskey.html

| If any of the engineers working on these products at Netscape or MS
| had the hubris to think they were going to whip up their own crypto
| primitives or drag in some freeware library -- which I frankly doubt, since
| they were pros -- I presume their superiors soon put them straight!

As a pro, I've often used freeware libraries, and suggested them to
clients. They require, as does good use of BSAFE, training of
engineers, and well-written and reviewed specifications of what the
programming logic should do.

[...]
| To which Eric responded:
|
| >I would agree that BSAFE portability and stability is excellent.
| >The code organization and coding style leaves a lot to be desired.
| >I and a number of other programmers who have had to add new algorithms
| >to BSAFE were less than happy.

Eric is a much more worthy judge, and if he says the code is stable,
he's a fine witness to call on.

Adam
--
Tired of co-workers slowing you down? Leave them behind.
http://jobs.zeroknowledge.com
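
The keystream-reuse point in the message above, as an added example that is not part of the original e-mail and not a reconstruction of the advisory's specifics: it shows the general stream-cipher property that two messages encrypted under one RC4 key cancel to the XOR of their plaintexts, next to a per-message-key variant where they do not. The key, the two records and the SHA-256(key || nonce) derivation are constructed for illustration.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the ciphertexts cancel to the XOR of the plaintexts,
    i.e. both messages were encrypted with the same keystream."""
    return xor(c1, c2) == xor(p1, p2)

def encrypt_unique(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed mitigation for this example: a fresh RC4 key per message,
    derived as SHA-256(key || nonce); the nonce is stored with the data."""
    return rc4(hashlib.sha256(key + nonce).digest(), data)

# Constructed sample data (equal length so the XOR covers every byte).
KEY = b"constructed-demo-key"
OLD = b"constructed record A: old value."
NEW = b"constructed record B: new value!"

# Same key twice: identical keystream, so it drops out of c_old XOR c_new.
c_old, c_new = rc4(KEY, OLD), rc4(KEY, NEW)
# Knowing one plaintext yields the other without ever touching the key.
recovered = xor(xor(c_old, c_new), OLD)

# Unique nonce per message: the keystreams differ and nothing cancels.
n_old, n_new = os.urandom(16), os.urandom(16)
f_old = encrypt_unique(KEY, n_old, OLD)
f_new = encrypt_unique(KEY, n_new, NEW)
```
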