[Info-vax] VSI has released 9.2-1

Dave Froble davef at tsoft-inc.com
Wed Jul 5 09:05:29 EDT 2023 

On 7/4/2023 9:25 PM, Arne Vajhøj wrote:
> On 6/19/2023 9:43 PM, Dave Froble wrote:
>> People who count for encryption to provide protection don't really care all
>> that much.  Do enough to check the appropriate box, then not their problem.
>>
>> People who really care about security of course may use SSL, but then what
>> happens when the encryption is broken?  The user's data is available to the
>> hackers.  But what if the app developers insured that the data, if encryption
>> is defeated, doesn't really mean anything to the hackers.  Some custom stuff
>> in addition to SSL and such.  Yeah, even then, some hacker might figure out
>> the data.  But isn't it better to make it as tough for the hacker as one can?
>>
>> Now I'll hear from some "you got to use standards".  I'd ask "why?"  The
>> problem with standards is, everybody knows them.
>
> There are two benefits from going standard.
>
> Interoperability. If the communication is based on standards, then
> software from different vendors can communicate. SSL (TLS 1.2 or 1.3
> of course!) is widely supported standard so C programs on VMS,
> Java programs on Linux and VB.NET programs on Windows can communicate
> without problems due to the standard.
>
> Security. The public known standard protocols and algorithms are being
> reviewed by thousands of mathematicians all over the world. A home grown
> protocol and algorithm will be reviewed by a few software engineers
> which may or may not have math/cryptography knowledge. The first will
> simply result in a better solution.
>
> Good cryptography does not depend on protocols or algorithms
> being unknown. It is possible to constructs stuff that are secure
> even with known protocols/algorithms. And protocols/algorithms
> that are not secure if known are very bad. They will eventually leak.
>
> Arne
>

You sort of missed the point of my post.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list