[Info-vax] VSI has released 9.2-1

Dave Froble davef at tsoft-inc.com
Wed Jul 5 19:32:10 EDT 2023 

On 7/5/2023 3:37 PM, Arne Vajhøj wrote:
> On 7/5/2023 9:05 AM, Dave Froble wrote:
>> On 7/4/2023 9:25 PM, Arne Vajhøj wrote:
>>> On 6/19/2023 9:43 PM, Dave Froble wrote:
>>>> People who count for encryption to provide protection don't really care all
>>>> that much.  Do enough to check the appropriate box, then not their problem.
>>>>
>>>> People who really care about security of course may use SSL, but then what
>>>> happens when the encryption is broken?  The user's data is available to the
>>>> hackers.  But what if the app developers insured that the data, if encryption
>>>> is defeated, doesn't really mean anything to the hackers.  Some custom stuff
>>>> in addition to SSL and such.  Yeah, even then, some hacker might figure out
>>>> the data.  But isn't it better to make it as tough for the hacker as one can?
>>>>
>>>> Now I'll hear from some "you got to use standards".  I'd ask "why?"  The
>>>> problem with standards is, everybody knows them.
>>>
>>> There are two benefits from going standard.
>>>
>>> Interoperability. If the communication is based on standards, then
>>> software from different vendors can communicate. SSL (TLS 1.2 or 1.3
>>> of course!) is widely supported standard so C programs on VMS,
>>> Java programs on Linux and VB.NET programs on Windows can communicate
>>> without problems due to the standard.
>>>
>>> Security. The public known standard protocols and algorithms are being
>>> reviewed by thousands of mathematicians all over the world. A home grown
>>> protocol and algorithm will be reviewed by a few software engineers
>>> which may or may not have math/cryptography knowledge. The first will
>>> simply result in a better solution.
>>>
>>> Good cryptography does not depend on protocols or algorithms
>>> being unknown. It is possible to constructs stuff that are secure
>>> even with known protocols/algorithms. And protocols/algorithms
>>> that are not secure if known are very bad. They will eventually leak.
>>
>> You sort of missed the point of my post.
>
> I miss a lot.
>
> But I read it as that you suggested not using standard
> protocols/algorithms but something unique/homemade.
>
> Was that not the case?
>
> Arne
>
>

No!

I use such as SSL and other standards.

But then, it's not enough to say "hey, we use standards", and assume all will be 
well.  Perhaps going beyond such and further trying to make your data useless to 
those who should not have it.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list