(I keep wondering if there is some dimensional distortion gate that
flashes into existence whenever anyone tries to discuss cherished myths
about Dear Demonic RSADSI;-)

        Adam, I did not point to MS as a paragon of crypto skills.

        I did argue that the petty calumny -- repeated by Eric -- that
Microsoft (and Netscape before it) had been "forced" or tricked or
blackmailed or bludgeoned into using RSA's BSAFE toolkit to implement SSL in
their respective browsers and webserver was patently false and absurd.

        This should not be taken as a declaration that BSAFE's code is the
best in the world.   I wouldn't say anything so foolish.

        This should not be taken as a declaration that all decisions by
Microsoft Engineering management are brilliant.  (MS sez so, but the Judge
sez no;-)

        This is only proof of what everyone in the business already knows:
there are a lot of silly rumors and absurd myths that have been attached to
RSA over the years.  

        Normally, I just listen and laugh like everyone else.  Sometimes I
get upset when people I respect repeat such tripe in a professional forum
like this.

                _Vin

-------------- in response to ----------------------



        Vin McLellan <me> wrote:

>|         The idea that Microsoft was "forced" to use RSA implementation code
>| is utterly absurd.  Microsoft, as you probably know, has both an RSA patent
>| license (which means they could code their own RSApkc, if they wished) 
>| and a BSAFE license. MS *chose* to use the BSAFE ciphersuites.  (In doing 
>| so, IMNSHO, MS engineers locked in RSA crypto as the foundation of 
>| modern E-commerce.) 

        Adam Shostack responded:

>Vin,
>
>       To point to MS as a paragon of cryptographic implementation
>expertise is at best silly.  There are a *lot* of outstanding
>cryptographers at Microsoft.  There are also a lot of good engineers
>there.  But the code that they ship is, well, we all know about that.
>Now, this doesn't mean that the BSAFE code, per se, is bad code.  It
>simply means you shouldn't try to use these folks as a reference.
>
>       I'll offer up the most recent example I'm familiar with, which 
>is totally broken use of RC4.  They reused a keystream.  Why you don't 
>do that is explained in crypto 101.  Had they made any other
>implementation choice, Todd Sabin's xor attack wouldn't have been
>possible.  So, to point to MS deciding to use BSAFE as evidence that
>it's good code, well, the reductio ad absurdum is available at:
>
>http://www.bindview.com/security/advisory/adv_WinNT_syskey.html
>
>|         If any of the engineers working on these products at Netscape or MS
>| had the hubris to think they were going to whip up their own crypto
>| primitives or drag in some freeware library --  which I frankly doubt, since
>| they were pros -- I presume their superiors soon put them straight! 
>
>As a pro, I've often used freeware libraries, and suggested them to
>clients.  They require, as does good use of bsafe, training of
>engineers, and well written and reviewed specifications of what the
>programming logic should do.
>
>[...]
>|         To which Eric responded:
>| 
>| >I would agree that BSAFE portability and stability is excellent.
>| >The code organization and coding style leaves a lot to be desired.
>| >I and a number of other programmers who have had to add new algorithms
>| >to BSAFE were less than happy.
>
>Eric is a much more worthy judge, and if he says the code is stable,
>he's a fine witness to call on.
>
>Adam
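
The keystream-reuse point raised in the quoted reply, as an added example that is not part of the original messages or of the linked advisory: encrypting two values under the same RC4 key lets the keystream cancel out, while a distinct key per record does not. The key, the sample plaintexts and the `record_key` helper are constructed for illustration and do not reproduce the syskey format.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def record_key(master: bytes, record_id: bytes) -> bytes:
    """Hypothetical mitigation: derive a distinct RC4 key per record."""
    return hashlib.sha256(master + record_id).digest()[:16]

# Constructed sample data, not taken from the advisory.
MASTER = b"constructed-key!"
OLD = b"old-secret-value"
NEW = b"new-secret-value"

def reused_leaks() -> bool:
    c1, c2 = rc4(MASTER, OLD), rc4(MASTER, NEW)
    # Same key, same keystream: it cancels, so c1 ^ c2 == OLD ^ NEW.
    return xor(c1, c2) == xor(OLD, NEW)

def recover_with_known_plaintext() -> bytes:
    c1, c2 = rc4(MASTER, OLD), rc4(MASTER, NEW)
    # Anyone who knows OLD can read NEW without ever seeing the key.
    return xor(xor(c1, c2), OLD)

def per_record_leaks() -> bool:
    c1 = rc4(record_key(MASTER, b"rec-1"), OLD)
    c2 = rc4(record_key(MASTER, b"rec-2"), NEW)
    # Different keystreams no longer cancel.
    return xor(c1, c2) == xor(OLD, NEW)
```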
