On 04/23/2010 11:00 PM, Patrick O'Callaghan wrote:
On Fri, 2010-04-23 at 10:09 -0400, Tom Horsley wrote:
On Fri, 23 Apr 2010 09:35:55 -0430 Patrick O'Callaghan wrote:
More to the point, there would be widespread panic among banks and online shopping sites, webmail sites, and anywhere else that relies on a public-key based security model, which is essentially all of them.
Nah, those aren't really problems. As we have already seen with all the recent spate of credit card number pilfering, it is far simpler to get a crook hired by the company to get inside info than to waste lots of time with cracking encryption codes :-).
Indeed. One of the fallacies of the security-challenged is to think that by solving crypto, you've solved security. Needham and Schroeder put it very well:
"If you think your problem can be solved by cryptography, you don't understand cryptography and you don't understand your problem."
Sounds like a pithy quotation that should be found by google. But, I was unable to unearth that quotation. Do you have a source?
(It's an aphorism, not to be taken *too* literally).
poc