The name of the game these days is to dress up a vuln/backdoor to make it appear as, "Oh, but it does xyz useful thing!" IMHO it's kind of dangerous to portray something pretty fucking insecure appear to be useful in any way. ME just needs to go away (or open sourced, which it appears legally it should be [slashdot.org]) so it can be fixed properly.
IMHO it's kind of dangerous to portray something pretty fucking insecure appear to be useful in any way
Well, that's pretty much what happens for everything that uses "crypto".
Vanishingly few people know how to implement any given crypto algorithm securely, but that doesn't stop companies from handing the spec to an intern and tell them to implement it in hardware.
I quite liked the cryptanalysis of Infineon's TPM's chip being along the lines of "The mistake is too stupid to have been malicious." I wish I could find the link...
Seems like (Score:2)
The name of the game these days is to dress up a vuln/backdoor to make it appear as, "Oh, but it does xyz useful thing!" IMHO it's kind of dangerous to portray something pretty fucking insecure appear to be useful in any way. ME just needs to go away (or open sourced, which it appears legally it should be [slashdot.org]) so it can be fixed properly.
Re:Seems like (Score:2)
IMHO it's kind of dangerous to portray something pretty fucking insecure appear to be useful in any way
Well, that's pretty much what happens for everything that uses "crypto".
Vanishingly few people know how to implement any given crypto algorithm securely, but that doesn't stop companies from handing the spec to an intern and tell them to implement it in hardware.
I quite liked the cryptanalysis of Infineon's TPM's chip being along the lines of "The mistake is too stupid to have been malicious." I wish I could find the link...