In some email I received from Magosanyi Arpad, sie wrote:
> My mail program believes that Darren Reed wrote the following:
> []
> >
> > Bad crypto is worse than no crypto at all.
>
> Agreed. But low functionality crypto is not necessarily bad crypto.
> I guess we can stop here, because everyone seems to agree that having
> something already done is good, and no one seems to care about embedded
> systems (I also don't care about them).

You're wrong on two accounts here.

Firstly, "low functionality crypto". If this means using a simple
algorithm (i.e. < 128bit key) or predefined symmetric keys, it is
bad crypto. What is more important than secrecy is integrity and
for that crypto is not required.

Secondly, "embedded systems". People do care about them and if the
companies that manufacture them care as much as we do, if they want
crypto they will do it right rather than end up on bugtraq as a "bug
du jour".

Also, by mandating that SSL (or some other standard crypto protocol)
is used, if vendors put that in hardware then they can potentially
use it for, e.g. HTTPS, etc. i.e. they get to use the one crypto
implementation in their hardware for multiple tasks, rather than
just the one dedicated task - logging.

Darren