Full Disclosure mailing list archives
Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 25 Sep 2003 11:01:17 +0200
On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote:
After reading Gutmann's short but to the point email a few points that he made seemed obvious. Some of the flaws were not so obvious. CIPE seemed to have some very simple flaws and some of the fixes were easy to implement.
The CRC flaw is not easy to correct.
I found a some of it delivered in such a manner that would upset people who were highly vested in the projects he was criticizing. Perhaps it was the comment that I also found to be so amusing, something to do with sound waves. Amusing as it may be, it's still quite harsh.
Especially as some of the flaws (the replay attacks) are actually documented in the manual.
I then read through the posts on Slashdot that declared CIPE to be dead. I found these to be really immature and silly considering the nature of F/OSS.
Maybe it's not dead, but I'd rather not use security software which is unmaintained. (Several people tried to reach Olaf and failed.) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Jake Appelbaum (Sep 24)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Florian Weimer (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Michal Zalewski (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Alexandre Dulaunoy (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Florian Weimer (Sep 25)