Jaqui Greenlees wrote:
Peter Gutmann wrote:
You can see where the magic-numbers problem has lead with the magic
number
"128". Provided that you mention this magic number somewhere in your
marketing literature, your product will be regarded as secure no
matter how
bad it is in practice.
~snip~
Peter 128 128 128 128 128 128 128 128 128 128.
You know why they think that about 128 don't you?
after all if it had not been classified as munitions, and export of the
128 bit encryption controlled, then people wouldn't think it was as good
as they do.
yup, the 128 bit being controlled for export to other countries, made
quite the impression.
From what I recall, there is still an import restriction
on anything bigger than 128 bits into France. All a bit
weird. I actually think the IETF policy of totally
ignoring any number policies is the smartest thing they've
ever done. Discussing numbers causes more wheel spinning
than any other things, it seems.
Ignore the numbers, concentrate on the security.
iang 128 ^ 128 (my 128 is better than your 128)
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
