On 01/09/2014 06:33 PM, Cliff Pratt wrote: > I was shocked and horrified to find out that RHEL (and presumably CentOS) > and Ubuntu no longer implement the 'rot13' program. But they implement the NULL cipher as part of IPsec. > > Cheers, > > Cliff > > > On Fri, Jan 10, 2014 at 11:32 AM, Robert Moskowitz <rgm at htt-consult.com>wrote: > >> On 01/09/2014 05:15 PM, Les Mikesell wrote: >>> On Thu, Jan 9, 2014 at 3:55 PM, John R Pierce <pierce at hogranch.com> >> wrote: >>>> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote: >>>>> I think everyone should assume the entire ecosystem is compromised and >>>>> shouldn't trust anything. Code should be reviewed and bugs/weaknesses >>>>> removed IMMEDIATELY. The problem is obviously not everyone is a >>>>> programmer and not everyone will have the knowledge to understand how >> to >>>>> fix/improve the security issues. Of course, some software is still >>>>> good, but who's going to verify that and when? If you don't use free >>>>> software, you're a goner because now you have no ability whatsoever to >>>>> audit the code! >>>> I've programmed for 40 years, and I don't understand encryption >>>> algorithms nor can I evaluate their strengths and weaknesses. I know >>>> very few programmers who can. None personally, in fact. >>> I always just assumed that blowfish was good precisely because it >>> wasn't the one that was recommended/promoted by the groups likely to >>> be compromised. But, I try to stay out of politics so I don't worry >>> much about keeping secrets anyway. >> Bruce's twofish was better; it was his AES submission. >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >