[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
- To: Jake Appelbaum <jacob@xxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
- From: Florian Weimer <fw@xxxxxxxxxxxxx>
- Date: Thu, 25 Sep 2003 11:01:17 +0200
On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote:
> After reading Gutmann's short but to the point email a few points that
> he made seemed obvious. Some of the flaws were not so obvious. CIPE
> seemed to have some very simple flaws and some of the fixes were easy to
> implement.
The CRC flaw is not easy to correct.
> I found a some of it delivered in such a manner that would upset people
> who were highly vested in the projects he was criticizing. Perhaps it was
> the comment that I also found to be so amusing, something to do with
> sound waves. Amusing as it may be, it's still quite harsh.
Especially as some of the flaws (the replay attacks) are actually
documented in the manual.
> I then read through the posts on Slashdot that declared CIPE to be
> dead. I found these to be really immature and silly considering the
> nature of F/OSS.
Maybe it's not dead, but I'd rather not use security software which is
unmaintained. (Several people tried to reach Olaf and failed.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html