[JDEV] Continued Improvement of Security Concerns

Rolle, Ted trolle at uwgrocers.com
Wed Nov 15 13:33:48 CST 2000


Oh, the old Zero-Knowledge Protocol (ZKP)?

How about Schneier's books:
Applied Cryptography, 2nd ed, and
Secrets and Lies?

-----Original Message-----
From: Max Horn [mailto:max at quendi.de]
Sent: Wednesday, November 15, 2000 11:17
To: jdev at jabber.org
Subject: RE: [JDEV] Continued Improvement of Security Concerns


At 14:53 Uhr -0800 14.11.2000, Rolle, Ted wrote:
>Yee Haw!!!  We got us a rumble goin!!!
>
>I'd suggest making the encryption the default communications mode, with
>plaintext an alternative to assist in debugging.
>
>Also, they would be most useful as a pluggable module with Rijndael as the
>default, but able to change to, say, Twofish, or another system as needs
and
>wills require.
>
>I'll help write the code if you wish.

The problem is not at all the crypto algorithm. The problem is 
"trusting" a remote partner, and making sure a remote partner is 
"valid".


This is a complicated topic, I wrote several mails to the JDEV ML 
about this topic, and also have talked in the past (and will talk in 
the future) with the Jabber core team about this.


I suggest to everyone who wants to talk about security with us to 
read "Intro to Crypto" by Philip Zimmerman (the inventor of PGP) 
which is available as text/html/pdf for free on the net.


Of course, this is not a problem if both sides of the communication 
"know" each other and have a shared key. But in 99% of time this is 
not the case. Thus, you have to relay on CAs (Certification Agencies) 
that you trust and that help you validate your "partner" with whom 
you want to communicate.


Again, read "Intro to Crypto" to understand better the problems of 
cryptography (and let me asure you one thing: it's simple to write a 
program using Rijndael/DES/RSA/TwoFish/Blowfish/IDEA/whatever that is 
perfectly *unsecure*!)



Max
-- 
-----------------------------------------------
Max Horn
International C/C++/Internet Development

email: <mailto:max at quendi.de>
   web: <http://www.quendi.de>
phone: (+49) 6151-494890

_______________________________________________
jdev mailing list
jdev at jabber.org
http://mailman.jabber.org/listinfo/jdev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3526 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20001115/4fc7a98e/attachment-0002.bin>


More information about the JDev mailing list