<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: hans steegers <steegers,AT,steegers,DOT,nl>
Subject: Re: Data integrity check in CIPE - Please explain me thenecessityor benefit of a larger checksum.
From: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>
Date: Mon, 29 Sep 2003 16:14:53 -0500
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <200309292100.19845.steegers@steegers.nl>
Organization: Omnifarious Software
References: <000b01c3865f$f66d9e20$d620a8c0@pcw_hans.hnsasd.priv> <1064851787.23120.28.camel@monster.omnifarious.org> <200309292100.19845.steegers@steegers.nl>

On Mon, 2003-09-29 at 14:00, hans steegers wrote:
> Bullshit: there was nothing to discover, just reading Protocol.txt. And 
> there 
> is _NO_BUG_!!! (This is FUD!) And as a wannabee cryptographer, one should 
> expect you read at least the protocol description of the protocol you use. 
> And as a programmer you should at least be curious about the implementation.
> And now calling it 'another insecure protocol' contradicts all your 
> advertised 
> expertise.
> 
> For me it was no surprise at all: I knew about the tradeoff between 
> security 
> and speed + simplicity: I judged the security as sufficient for my purposes.
> I don't care, for example, if somebody tries to replay a sequence of 
> datagrams: it will do no harm here.
> 
> What makes me very, very **angry** is those commercial people selling CIPE 
> to 
> customers as ultra-secure without having evaluated CIPE properly. And the 
> same people are now crying faul and demand it fixed! 
> For greed and profit and advertising non-existent expertise. That is 
> criminal!

I am not them.

You are shrill and annoying.  You try to find weaknesses in others that
have nothing to do with technical merit and exploit them.  You promote
your own solutions without being open to critical review.  Now I
understand why nobody wanted to help you implement the compressed
version of the CIPE protocol.  I am interested in helping to fix the
CIPE protocol, but I am no longer insterested in helping you do it.

I do thank you though for your diagram of a CIPE packet.  It's been most
instructive.  If you should have anything helpful along those lines to
contribute in the future, please put the word 'TECHNICAL' in the subject
line.

If anybody else wants to step forward as the maintainer, I am willing to
provide detailed analysis and write code.

Thanks,
--
There's an excellent C/C++/Python/Unix/Linux programmer with a wide
range of other experience and system admin skills who needs work.
Namely, me. http://www.omnifarious.org/~hopper/resume.html
-- Eric Hopper <hopper,AT,omnifarious,DOT,org>

Attachment: signature.asc
Description: This is a digitally signed message part


<< | Thread Index | >> ]    [ << | Date Index | >> ]