On Thu, Jan 9, 2014 at 3:55 PM, John R Pierce <pierce at hogranch.com> wrote: > On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote: >> I think everyone should assume the entire ecosystem is compromised and >> shouldn't trust anything. Code should be reviewed and bugs/weaknesses >> removed IMMEDIATELY. The problem is obviously not everyone is a >> programmer and not everyone will have the knowledge to understand how to >> fix/improve the security issues. Of course, some software is still >> good, but who's going to verify that and when? If you don't use free >> software, you're a goner because now you have no ability whatsoever to >> audit the code! > > I've programmed for 40 years, and I don't understand encryption > algorithms nor can I evaluate their strengths and weaknesses. I know > very few programmers who can. None personally, in fact. I always just assumed that blowfish was good precisely because it wasn't the one that was recommended/promoted by the groups likely to be compromised. But, I try to stay out of politics so I don't worry much about keeping secrets anyway. -- Les Mikesell lesmikesell at gmail.com