I doubt many people would actually use it if they know it can be easily broken.

Like someone said on the list, "hey everyone uses it, it must be secure" is the mental genre.

-A

Ted Mittelstaedt wrote:



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Thomas J. Hruska
Sent: Tuesday, March 08, 2005 12:34 PM
To: openssl-users@openssl.org
Subject: Re: The breaking of SHA1


I'm actually more favorably disposed towards using a non-MD4 lookalike. SHAx looks and feels too much like MD4/MD5. Unfortunately, not very many cryptographic hashes exist that haven't been broken in some way. Development of cryptographic hashes pretty much halted back in late 1999.




All that most people want is encryption that is "pretty much unbreakable for most people." The 56 bit DES and other weak and crackable algorithms are enough to keep the casual cracker out, like the 15 year old kid. 3DES with a bad randomizer generating keys is good enough to block your criminal types wanting to steal credit card #s. None of these present much of an obstacle to governments, but most people aren't worried if the government can spy on their data. Oh, they will give lip service readily enough, but when it comes to putting their money where their mouths are, especially if that means switching to a different application that uses a better algorithm, most of them won't switch. Nor will they pay a royalty to use a completely secure algorithm when a free and less secure one is available.

Ted

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]




