Date: Mon, 29 Nov 1999 15:36:39 -0500 From: Dan Moschuk <dan@FreeBSD.ORG> To: Brad Knowles <blk@skynet.be> Cc: Kris Kennaway <kris@hub.freebsd.org>, Dan Moschuk <dan@FreeBSD.ORG>, Bruce Evans <bde@zeta.org.au>, Mike Smith <msmith@FreeBSD.ORG>, audit@FreeBSD.ORG, Warner Losh <imp@village.org> Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h Message-ID: <19991129153639.B2999@spirit.jaded.net> In-Reply-To: <v0420551bb4688f87fb80@[195.238.21.204]>; from blk@skynet.be on Mon, Nov 29, 1999 at 09:20:13PM %2B0100 References: <Pine.BSF.4.21.9911291103500.51314-100000@hub.freebsd.org> <v0420551bb4688f87fb80@[195.238.21.204]>
next in thread | previous in thread | raw e-mail | index | archive | help
| > I don't know what Theodore Ts'o's credentials are, but I'm still much more | > inclined to trust the work of someone who does this stuff for a living | > than a part-time cryptographer. | | As I recall, he's one of the principles at MIT working on the | freely available implementation of PGP, although I don't know his | specific crypto background. PGP is based on known algorithms, implementing and designing are two vastly different things. | This seems like a serious problem. I think we need to fix this | as soon as we can, if we're going to have any credibility in our | audit and security processes (I think we also need to get the commit | process changed so as to help automate what we can of the | audit/re-audit process). | | Does anyone have any further thoughts in this area? Anyone know | of any available professional cryptographers who might be available | to do this kind of work? Anybody got any better contacts with Greg | Rose or Carl Ellison, or perhaps other cryptographers who might know | of potentially interested/available parties? One of the benefits of using an algorithm designed by a professional cryptographer is that the algorithm is bound to be studied extensively, it doesn't neccessarily have to be from our code base. -- Dan Moschuk (TFreak!dan@freebsd.org) "Cure for global warming: One giant heatsink and dual fans!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991129153639.B2999>