| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140401220749.73260ea2@lambda> Date: Tue, 1 Apr 2014 22:07:49 +0000 From: Brandon Enright <bmenrigh@...ndonenright.net> To: discussions@...sword-hashing.net Cc: bmenrigh@...ndonenright.net Subject: On the topic of attacking designs, not authors -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm new here but I already see comments like: > Well, I just said I'd hold off picking on poor AntCrypt, since it's > not the guy's fault he picked a name starting with A, but... > Apologies to the author... sorry, you were at the top of the list. I have a horse in the race too (Omega Crypt) but I want to see designs evaluated and attacked. If that means my design gets torn to shreds so be it. It's very important everything that needs to be said about a proposal is said. Security never has been about rainbows and unicorns. It sucks to see something you've worked hard on broken or criticized but that's the way it has to be if we want to learn about all of the security implications of a particular design. So as long as you're being professional and attacking the *design* and NOT the *author* don't hold back. If you're concerned about picking on the AntCrypt author then skip ahead from A to O or some other letter :-) Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlM7OL0ACgkQqaGPzAsl94L3yQCgxVXfLBg07KVtqQyjotXcIiFy CgYAoJ9Umd6KXF7vR4nlBLJBG/PG007h =B0nM -----END PGP SIGNATURE-----
Powered by blists - more mailing lists