From: Bruce Schneier <schneier@counterpane.com>
Date: Tue, 6 Jan 1998 10:53:42 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Comparing PGP to Symantec's Secret Stuff
In-Reply-To: <v03007800b0bc0c9a7689@[198.115.179.81]>
Message-ID: <199801060247.UAA24711@mixer.visi.com>
MIME-Version: 1.0
Content-Type: text/plain



>	Having worked for those multinationals and defense
>contractors, I've seen them buy new products with serious weaknesses
>in key generation, with year 2000 problems, with stream ciphers used
>to protect stored data--keyed the same way each time.  I've seen them
>use code that sent cleartext where it should have been encrypting on
>the wire.

I second this.  The pitiful state of "secure code" is shocking.  (Actually,
I just wrote an essay on the topic.  Get a copy for yourself at:
http://www.counterpane.com/pitfalls.html.)

Bruce
**************************************************************************
* Bruce Schneier                 For information on APPLIED CRYPTOGRAPHY
* Counterpane Systems            2nd EDITION (15% discount and errata), 
* schneier@counterpane.com       Counterpane Systems's consulting services, 
* http://www.counterpane.com/    or the Blowfish algorithm, see my website.
**************************************************************************