[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: liability for selling bad crypto?
Daniel Harkins wrote:
>> Ah yes, after being foiled in their "shareholder protection" class
>> action suits filed after a stock drops and realizing that the y2k hype
>> is likely to not engender much support in the courts these parasites
>> are looking for a nice thick vein to suck dry.
At 10:02 AM 5/13/98 -0400, Perry E. Metzger wrote:
>More power to them. Any company selling 40 bit crypto deserves what it
>gets, good and hard. It is, as I've said, very close to fraud, if not
>actual fraud.
As far as liability is concerned, the court that seems to
matter the most today is the court of public opinion.
Protocols open to 40-bit (or easier) attack should be
easy to discredit in the marketplace. But if not, then I
I doubt they can be discredited in adversarial legal action.
Curiously, this liability thread was inspired by a parallel
discussion on cryptography@c2.net of weaknesses in PPTP,
which uses RC4 with keys of indeterminate size. Like many
challenge/response password systems, it uses password-derived
session keys with often less than 40 bits of entropy.
I can hear the defense already ...
"So, I ask you, if challenge/response protocols are
a standard accepted practice in the industry, isn't it just
a wee bit fanatical to demand that all keys be larger than
40 bits?"
------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
References: