[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VSACM V2.0 Source Code Request (fwd)



Dr.Dimitri Vulis KOTM wrote:
> Jim Choate <[email protected]> writes:
> > Forwarded message:
> > > Subject: VSACM V2.0 Source Code Request
> > > Date: Fri, 14 Mar 1997 23:31:49 -0600 (CST)
> >
> > > I would appreciate receiving a copy of the source code for your
> > > encryption software, for the purpose of peer review.
> >
> > These sorts of requests are setting a bad precedence. All that should be
> > needed for peer review is the algorithmic expression of the software, not
> > its source code. The only issue that public review should consist of is the
> > strength of the algorithm. Questions relating to specific implimentation
> > questions should be done between vendor and client in private (caveat
> > emptor!). What those questions should be should be open to public review as
> > well. Class, not instance.
> >
> > Public review should be concerned with the characteristics of specific
> > algorithms and not the honesty of the particular implementor.
> 
> I disagree. Remember when a widely available C implementation of the Blowfish
> algorithm was found to have a bug that significantly weakened its security?
> The bug was in the C implementation, not the algorithm itself.
> 
> By the way, I requested the source code from Mr.Ramos within minutes after
> he made the offer on this mailing list and haven't heard back from him yet.

I also requested a copy and as of Sat Mar 15 11:33:17 CST 1997 have not
heard anything from Mr. Ramos yet.

I hope to receive it very soon, as Mr. Ramos promised.

	- Igor.