[CentOS] Can we trust RedHAt encryption tools?
Les Mikesell
lesmikesell at gmail.com
Thu Jan 9 22:15:13 UTC 2014
On Thu, Jan 9, 2014 at 3:55 PM, John R Pierce <pierce at hogranch.com> wrote:
> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote:
>> I think everyone should assume the entire ecosystem is compromised and
>> shouldn't trust anything. Code should be reviewed and bugs/weaknesses
>> removed IMMEDIATELY. The problem is obviously not everyone is a
>> programmer and not everyone will have the knowledge to understand how to
>> fix/improve the security issues. Of course, some software is still
>> good, but who's going to verify that and when? If you don't use free
>> software, you're a goner because now you have no ability whatsoever to
>> audit the code!
>
> I've programmed for 40 years, and I don't understand encryption
> algorithms nor can I evaluate their strengths and weaknesses. I know
> very few programmers who can. None personally, in fact.
I always just assumed that blowfish was good precisely because it
wasn't the one that was recommended/promoted by the groups likely to
be compromised. But, I try to stay out of politics so I don't worry
much about keeping secrets anyway.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list