Hacker News new | past | comments | ask | show | jobs | submit login

That is first of all not true, and second of all not relevant. In both cases the cryptosystem itself had a design flaw. And in both cases the implementations of that cryptosystem, aside from the design flaws, had implementation flaws that made the design a moot point.



It is still a good point though. Even using proven protocols, you can still make mistakes in the implementation. Using proven implementations is best.


I took his point to be the opposite: that the worst that seems to happen with cryptosystems is that implementations are broken.

That bugged me on two levels: first, the idea that there haven't been terrible bugs in e.g. SSL3, and second that an implementation bug means "just upgrade OpenSSL", when it's more like "the discovery of buffer overflows and attendant years of chaos".

I am jumpy about this topic, though.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: