[CentOS] Can we trust RedHAt encryption tools?

Fri Jan 10 01:22:01 UTC 2014
Robert Moskowitz <rgm at htt-consult.com>

On 01/09/2014 06:33 PM, Cliff Pratt wrote:
> I was shocked and horrified to find out that RHEL (and presumably CentOS)
> and Ubuntu no longer implement the 'rot13' program.

But they implement the NULL cipher as part of IPsec.

>
> Cheers,
>
> Cliff
>
>
> On Fri, Jan 10, 2014 at 11:32 AM, Robert Moskowitz <rgm at htt-consult.com>wrote:
>
>> On 01/09/2014 05:15 PM, Les Mikesell wrote:
>>> On Thu, Jan 9, 2014 at 3:55 PM, John R Pierce <pierce at hogranch.com>
>> wrote:
>>>> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote:
>>>>> I think everyone should assume the entire ecosystem is compromised and
>>>>> shouldn't trust anything.  Code should be reviewed and bugs/weaknesses
>>>>> removed IMMEDIATELY.  The problem is obviously not everyone is a
>>>>> programmer and not everyone will have the knowledge to understand how
>> to
>>>>> fix/improve the security issues.  Of course, some software is still
>>>>> good, but who's going to verify that and when?  If you don't use free
>>>>> software, you're a goner because now you have no ability whatsoever to
>>>>> audit the code!
>>>> I've programmed for 40 years, and I don't understand encryption
>>>> algorithms nor can I evaluate their strengths and weaknesses.   I know
>>>> very few programmers who can.  None personally, in fact.
>>> I always just assumed that blowfish was good precisely because it
>>> wasn't the one that was recommended/promoted by the groups likely to
>>> be compromised.   But, I try to stay out of politics so I don't worry
>>> much about keeping secrets anyway.
>> Bruce's twofish was better; it was his AES submission.
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>