[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 versus SHA



At 9:17 AM 3/28/95, touch@ISI.EDU wrote:

>b) the IP security community has (as far as I have read from RFCs)
>        stated that software is preferable for several reasons:
>
>        - compatibility with existing hardware base
>        - agility (ability to change the algorithm if the need arises,
>                e.g., someone cracks DES :-)
>

As we, the PSRG, note in our Internet-Draft
<draft-irtf-psrg-secarch-sect1-00.txt>:

1.6.3.3  Preference for Software

To maximize interoperability in the Internet, security designs that can
be implemented in either software or hardware should be preferred over
those that require hardware.  Also, security designs should prefer
software security mechanisms that are freely and publicly available in
source code.  This is especially true if security mechanisms must be
implemented in end systems.  Hardware often can provide additional
protection or improved performance for security mechanisms, but designs
that can be implemented in either software or hardware permit the choice
as a local implementation option, not visible at external interfaces.
Source code maximizes the potential for interoperability because if a
mechanism is available only in object code, the range of platforms on
which it can be used may be very limited.

Source code is important for other reasons, too.  Without source code,
it is harder to conduct open peer review (see Section 1.6.2.1) and
develop confidence that software works properly and contains no Trojan
horses.  Restricting distribution of security mechanisms to object code
is a kind of "security by obscurity" that usually is ineffective in the
Internet, especially if the mechanism is weak.  It is inevitable that
someone will decompile the object code and search for vulnerabilities
that may remain because the source code was not subject to wide review.
That one person can then provide attack information to the entire
Internet (see Section 1.5.4.3).  History shows that attackers are often
more motivated to search for vulnerabilities than are the system
designers and legitimate users.




Regards, -Rob-    Robert W. Shirey  SHIREY@MITRE.ORG
tel 703.883.7210, sec 703.883.5749, fax 703.883.1397
Info. Security Div., The MITRE Corp., Mail Stop Z231
7525 Colshire Drive, McLean, Virginia 22102-3481 USA