Changing preferences

Faramir faramir.cl at gmail.com
Wed Sep 24 21:43:06 CEST 2008


Robert J. Hansen wrote:
> Faramir wrote:

> I have a _big_ problem with people arguing that their personal
> prejudices are actually reasonable conclusions to draw.  Like Mark Twain

  That was never my intention, I always knew my prejudice was not
rational, and I tried to make that clear. But maybe I should have tried
harder. I used the terms "I don't like" instead of "it is not good",
because I know it is good enough to be in use. I didn't know it is
supposed to be the most secure algorithm available.

> When people who sound like they know what they're talking about say
> things that are not factually true, newbies remember the sound bites a
> lot more than the facts.  The facts: 3DES is ugly, slow, and the most
> trusted cipher in the OpenPGP arsenal.  But from the way you're talking
> about it, it's a nightmare of engineering rather than a triumph.  Which

  Again, I was talking about "likes and dislikes", things that are
subjective, and not about "good or bad". I can say something like "I
don't like cola beverages, because when I was a boy, I was drinking
pepsi and I almost choked and the bubbles came out from my nose". But
people would not think cola beverages are bad, just because of that
statement. By the way, I do like coca cola.

>> When people are lazy and don't want to spend time and energy to make

> What disadvantages?  It's slow.  That's irrelevant for most OpenPGP usage.

  True, it is not relevant to me, since I don't process large amounts of
data, so I don't count how many milliseconds it needs to do the work.
Anything that doesn't take more than 5 seconds is fine for me. And if I
just use it from time to time, I can gladly let it work for some
minutes. But there are speed comparisons between AES and Twofish, so I
suppose if people took the time to do the comparisons, it was relevant
_for them_. In that context, being slow is a disadvantage. But end users
want to use the software, not to make contests...

> Also, if you really want to call Don Coppersmith and the rest of the DES
> design team 'lazy,' well, go ahead, but expect a lot of people to look

  No, I don't want to call them 'lazy', I was talking about the things
not related to software I have seen, done by people too lazy or careless
to think if there is a better solution to solve a problem... I really
tried to be clear at that point.

>> But when I saw an article about 3DES, and I understood (or 
>> _misunderstood_) it was just to apply DES 3 times, that aroused the
>> same _feeling_ that I feel when I see a sloppy job.
> 
> That opinion puts you in an enormous minority.

   Oh, well... I was not trying to opine, I just was trying to talk
about the impression I got from an article I read last year...


>> Once I saw a shelf attached to the wall by no less than 24 screws. 
>> When the shelf was removed, the wall looked like it had been attacked
>> with a screw-shooting machine gun. Sure, the shelf was firmly
...
> And when you look at the Roman Coliseum, do you think "gee, they really
> overengineered that, the design must be lazy and shoddy, and this
> doesn't look anything like an I.M. Pei or a Frank Lloyd Wright design,
> it's ugly"?

  I think it is pretty. You use the term 'overengineered'. I talked
about the absolute lack of 'engineering' in the shelf attachment
solution. The guy had a lot of these plastic things that are put inside
the holes in the wall, to hold the screws (screws and concrete require
something in the middle), with 6 mm diameter. That size is good if you
want to hang a picture, or a telephone, but is too small for bulky
things like the shelf I was talking about. And the guy just used a lot
of them to solve the problem, instead of thinking if bigger screws
would be a better option.

>> But it is not the same as discovering a painkiller can also reduce 
>> the risk of heart strokes.
> 
> In DES and 3DES's case, this is almost exactly what we're talking about.

   Excellent, at least this discussion has made me change my opinion
about 3DES. If I find the article I will read it again, and if I
conclude that I didn't misunderstand what is written in the article, I
will give you the link, so you can suggest to the author what should be
changed. And it was me the one who misunderstood the content, I will try
to be more careful in future.

>> point, or if I failed to notice it. If 3DES is the application of a 
>> theory that was not considered before, then it is not what I thought
>> it was. If 3DES is built using DES, as a wall is made using bricks, I
>> don't have anything against that.
> 
> Both are correct.

  Well, I didn't know that, I was thinking it was like the weak door
example... I was wrong.

>> Yes, but I figure these patches are carefully designed to solve the 
>> problems without causing new ones. And if a bug is introduced, there
>> are efforts to remove it ASAP.
> 
> Yes.  Just like 3DES.

  Then, it is not a "let's do it 3 times" solution, *in the spirit I
tried to communicate with these words*. Sorry if I can't explain it in a
clearer way. Maybe later I can send you an example of what I was
talking about.

  Best Regards