On 01/09/2014 05:15 PM, Les Mikesell wrote:
> On Thu, Jan 9, 2014 at 3:55 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
>> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote:
>>> I think everyone should assume the entire ecosystem is compromised and
>>> shouldn't trust anything. Code should be reviewed and bugs/weaknesses
>>> removed IMMEDIATELY. The problem is obviously not everyone is a
>>> programmer and not everyone will have the knowledge to understand how to
>>> fix/improve the security issues. Of course, some software is still
>>> good, but who's going to verify that and when? If you don't use free
>>> software, you're a goner because now you have no ability whatsoever to
>>> audit the code!
>> I've programmed for 40 years, and I don't understand encryption
>> algorithms nor can I evaluate their strengths and weaknesses. I know
>> very few programmers who can. None personally, in fact.
> I always just assumed that blowfish was good precisely because it
> wasn't the one that was recommended/promoted by the groups likely to
> be compromised. But, I try to stay out of politics so I don't worry
> much about keeping secrets anyway.
Bruce's twofish was better; it was his AES submission.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
