Re: liability for selling bad crypto?

[David Jablon <dpj@world.std.com>]

Daniel Harkins wrote:
>>   Ah yes, after being foiled in their "shareholder protection" class
>> action suits filed after a stock drops and realizing that the y2k hype 
>> is likely to not engender much support in the courts these parasites
>> are looking for a nice thick vein to suck dry.

At 10:02 AM 5/13/98 -0400, Perry E. Metzger wrote:
>More power to them. Any company selling 40 bit crypto deserves what it 
>gets, good and hard. It is, as I've said, very close to fraud, if not
>actual fraud.

As far as liability is concerned, the court that seems to
matter the most today is the court of public opinion.

Protocols open to 40-bit (or easier) attack should be
easy to discredit in the marketplace.  But if not, then I
I doubt they can be discredited in adversarial legal action.

Curiously, this liability thread was inspired by a parallel
discussion on cryptography@c2.net of weaknesses in PPTP,
which uses RC4 with keys of indeterminate size.  Like many
challenge/response password systems, it uses password-derived
session keys with often less than 40 bits of entropy.

I can hear the defense already ...
"So, I ask you, if challenge/response protocols are
a standard accepted practice in the industry, isn't it just
a wee bit fanatical to demand that all keys be larger than
40 bits?"

------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>

---

References:

• Re: liability for selling bad crypto?
• From: "Perry E. Metzger" <perry@piermont.com>

---

• Prev by Date: Re: 40bit DES?
• Next by Date: RE: 40bit DES? & IBM Patents
• Prev by thread: Re: liability for selling bad crypto?
• Next by thread: Re: liability for selling bad crypto?
• Index(es):
  • Main
  • Thread