[JDEV] Continued Improvement of Security Concerns
Rolle, Ted
trolle at uwgrocers.com
Wed Nov 15 13:33:48 CST 2000
Oh, the old Zero-Knowledge Protocol (ZKP)?
How about Schneier's books:
Applied Cryptography, 2nd ed, and
Secrets and Lies?
-----Original Message-----
From: Max Horn [mailto:max at quendi.de]
Sent: Wednesday, November 15, 2000 11:17
To: jdev at jabber.org
Subject: RE: [JDEV] Continued Improvement of Security Concerns
At 14:53 Uhr -0800 14.11.2000, Rolle, Ted wrote:
>Yee Haw!!! We got us a rumble goin!!!
>
>I'd suggest making the encryption the default communications mode, with
>plaintext an alternative to assist in debugging.
>
>Also, they would be most useful as a pluggable module with Rijndael as the
>default, but able to change to, say, Twofish, or another system as needs and
>wills require.
>
>I'll help write the code if you wish.
The problem is not at all the crypto algorithm. The problem is
"trusting" a remote partner, and making sure a remote partner is
"valid".
This is a complicated topic, I wrote several mails to the JDEV ML
about this topic, and also have talked in the past (and will talk in
the future) with the Jabber core team about this.
I suggest to everyone who wants to talk about security with us to
read "Intro to Crypto" by Philip Zimmermann (the inventor of PGP)
which is available as text/html/pdf for free on the net.
Of course, this is not a problem if both sides of the communication
"know" each other and have a shared key. But in 99% of time this is
not the case. Thus, you have to rely on CAs (Certification Agencies)
that you trust and that help you validate your "partner" with whom
you want to communicate.
Again, read "Intro to Crypto" to understand better the problems of
cryptography (and let me assure you one thing: it's simple to write a
program using Rijndael/DES/RSA/TwoFish/Blowfish/IDEA/whatever that is
perfectly *unsecure*!)
Max
--
-----------------------------------------------
Max Horn
International C/C++/Internet Development
email: <mailto:max at quendi.de>
web: <http://www.quendi.de>
phone: (+49) 6151-494890
_______________________________________________
jdev mailing list
jdev at jabber.org
http://mailman.jabber.org/listinfo/jdev