[3951] in WWW Security List Archive
RE: Universal Data Cryptography Module V
daemon@ATHENA.MIT.EDU (jwp@chem.ucsd.edu)
Fri Jan 10 22:57:24 1997
From: jwp@chem.ucsd.edu
Date: Fri, 10 Jan 1997 12:13:39 -0800
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> From CDAVIDSO@is.nmh.nmh.org Fri Jan 10 11:05 PST 1997
>
> .... No, I won't fully trust my data that needs top security with any
> new algorithm. However, I am willing to try it on less critical data.
> How else is it going to pass the test of "public scrutiny"?
Using the stuff as a black box is not public scrutiny, even if you have
the expertise and time to attack the results to see if you can crack it.
Public scrutiny means that the algorithm is published openly so that it
can be analyzed. It appears that has not been done in this case.
Of course, disassembling the DLL and analyzing the result would, with some
effort, reveal the algorithm, but that's not generally a socially acceptable
way of doing this sort of work. People have undoubtedly already done that,
but they are unlikely to be people interested in publishing their findings,
or the algorithm (unless, perhaps, they find it really is good and they
file for a patent).
