faramir.cl at gmail.com
Wed Sep 24 21:43:06 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Robert J. Hansen escribió:
> Faramir wrote:
> I have a _big_ problem with people arguing that their personal
> prejudices are actually reasonable conclusions to draw. Like Mark Twain
That was never my intention, I always knew my prejudice was not
rational, and I tried to make that clear. But maybe I should have tried
harder. I used the terms "I don't like" instead of "it is not good",
because I know it is good enough to be in use. I didn't know it is
supposed to be the most secure algorithm available.
> When people who sound like they know what they're talking about say
> things that are not factually true, newbies remember the sound bites a
> lot more than the facts. The facts: 3DES is ugly, slow, and the most
> trusted cipher in the OpenPGP arsenal. But from the way you're talking
> about it, it's a nightmare of engineering rather than a triumph. Which
Again, I was talking about "likes and dislikes", things that are
subjective, and not about "good or bad". I can say something like "I
don't like cola beverages, because when I was a boy, I was drinking
pepsi and I almost chocked and the bubbles came out from my nose". But
people would not think cola beverages are bad, just because of that
statement. By the way, I do like coca cola.
>> When people is lazzy and don't want to spend time and energy to make
> What disadvantages? It's slow. That's irrelevant for most OpenPGP usage.
True, it is not relevant to me, since I don't process large amounts of
data, so I don't count how many miliseconds does it need to do the work.
Anything that doesn't take more than 5 seconds is fine for me. And if I
just use it from time to time, I can gladly let it work for some
minutes. But there are speed comparisons between AES and Twofish, so I
suppose if people took the time to do the comparisons, it was relevant
_for them_. In that context, being slow is a disadvantage. But end users
want to use the software, not to make contests...
> Also, if you really want to call Don Coppersmith and the rest of the DES
> design team 'lazy,' well, go ahead, but expect a lot of people to look
No, I don't want to call them 'lazy', I was talking about the things
not related to software I have seen, done by people too lazy or careless
to think if there is a better solution to solve a problem... I really
tried to be clear at that point.
>> But when I saw an article about 3DES, and I understood (or
>> _misunderstood_) it was just to apply DES 3 times, that arose the
>> same _feeling_ that I feel when I see a sloppy job.
> That opinion puts you in an enormous minority.
Oh, well... I was not trying to opine, I just was trying to talk
about the impression I got from an article I read last year...
>> Once I saw a shelf attached to the wall by no less than 24 screws.
>> When the shelf was removed, the wall looked like it had been attack
>> with a screw-shooting machine gun. Sure, the shelf was firmly
> And when you look at the Roman Coliseum, do you think "gee, they really
> overengineered that, the design must be lazy and shoddy, and this
> doesn't look anything like an I.M. Pei or a Frank Lloyd Wright design,
> it's ugly"?
I think it is pretty. You use the term 'overengineered'. I talked
about the absolute lack of 'engineering' in the shelf attachment
solution. The guy had a lot of these plastic things that are put inside
the holes in the wall, to hold the screws (screws and concrete requite
something in the middle), with 6 mm diameter. That size is good if you
want to hang a picture, or a telephone, but are too small for bulky
things like the shelf I was talking about. And the guy just used a lot
of them to solve the problem, instead of thinking if a bigger screws
would be a better option.
>> But it is not the same than to discover a painkiller can also reduce
>> the risk of heart strokes.
> In DES and 3DES's case, this is almost exactly what we're talking about.
Excellent, at least this discussion have made me to change my opinion
about 3DES. If I find the article I will read it again, and if I
conclude that I didn't misunderstood what is written in the article, I
will give you the link, so you can suggest the author what should be
changed. And it was me the one who misunderstood the content, I will try
to be more careful in future.
>> point, or if I failed to notice it. If 3DES is the application of a
>> theory that was not considered before, then it is not what I thought
>> it was. If 3DES is built using DES, as a wall is made using bricks, I
>> don't have anything against that.
> Both are correct.
Well, I didn't know that, I was thinking it was like the weak door
example... I was wrong.
>> Yes, but I figure these patches are carefully designed to solve the
>> problems without causing new ones. And if a bug is introduced, there
>> are efforts to remove it ASAP.
> Yes. Just like 3DES.
Then, it is not a "lets do it 3 times" solution, *in the spirit I
tried to communicate with these words*. Sorry if I can't explain it in a
clearer way. Maybe latter I can send you an example of what I was
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users