lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Apr 2014 22:07:49 +0000
From: Brandon Enright <bmenrigh@...ndonenright.net>
To: discussions@...sword-hashing.net
Cc: bmenrigh@...ndonenright.net
Subject: On the topic of attacking designs, not authors

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, I'm new here but I already see comments like:

> Well, I just said I'd hold off picking on poor AntCrypt, since it's
> not the guy's fault he picked a name starting with A, but...

> Apologies to the author... sorry, you were at the top of the list.


I have a horse in the race too (Omega Crypt) but I want to see designs
evaluated and attacked.  If that means my design gets torn to shreds so
be it.  It's very important everything that needs to be said about a
proposal is said.

Security never has been about rainbows and unicorns.  It sucks to see
something you've worked hard on broken or criticized but that's the way
it has to be if we want to learn about all of the security implications
of a particular design.

So as long as you're being professional and attacking the *design* and
NOT the *author* don't hold back.

If you're concerned about picking on the AntCrypt author then skip
ahead from A to O or some other letter :-)

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlM7OL0ACgkQqaGPzAsl94L3yQCgxVXfLBg07KVtqQyjotXcIiFy
CgYAoJ9Umd6KXF7vR4nlBLJBG/PG007h
=B0nM
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists