[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VSACM V2.0 Source Code Request (fwd)



Jim Choate <[email protected]> writes:

> Forwarded message:
>
> > Subject: VSACM V2.0 Source Code Request
> > Date: Fri, 14 Mar 1997 23:31:49 -0600 (CST)
>
> > I would appreciate receiving a copy of the source code for your
> > encryption software, for the purpose of peer review.
>
> These sorts of requests are setting a bad precedence. All that should be
> needed for peer review is the algorithmic expression of the software, not
> its source code. The only issue that public review should consist of is the
> strength of the algorithm. Questions relating to specific implimentation
> questions should be done between vendor and client in private (caveat
> emptor!). What those questions should be should be open to public review as
> well. Class, not instance.
>
> Public review should be concerned with the characteristics of specific
> algorithms and not the honesty of the particular implementor.

I disagree. Remember when a widely available C implementation of the Blowfish
algorithm was found to have a bug that significantly weakened its security?
The bug was in the C implementation, not the algorithm itself.

By the way, I requested the source code from Mr.Ramos within minutes after
he made the offer on this mailing list and haven't heard back from him yet.

---

<a href="mailto:[email protected]">Dr.Dimitri Vulis KOTM</a>
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps