Free software and public administrations?

Simo Sorce simo.sorce at xsec.it
Tue Nov 26 16:17:17 UTC 2002


On Tue, 2002-11-26 at 17:08, Anton Zinoviev wrote:
> As far as I know there is no known cryptography algorithm which is
> mathematically proven to be secure.  We only expect them to be secure.
> If the algorithm is good, then it is difficult to crack it, but if it
> is also not known, then this is even more difficult.  Secret
> algorithms also make the system a little bit more secure against human
> mistakes, say weak passwords.

Sorry, but this is a common mistaken position.
A secret algorithm does not add anything to the security of the
algorithm itself.
The only thing you gain is a false sense of security, and you miss a
lot of eyes that look at and try to break the algorithm for legitimate
purposes and research (such activity has the side effect of making
algorithms better and can be performed only with public algorithms).
And about weak passwords, it does not add anything at all: weak
passwords will stay weak, and anyone who has access to the coding
program (binary only or with source code available) can use it and
abuse weak passwords. Also remember that a binary module does not mean
secret code; it means only obfuscated code, which can be reverse
engineered by evil people and its weaknesses found. No matter if the
law prohibits reverse engineering of such modules, people who want to
commit fraud do not stop because they break yet another law; instead,
honest people will be left without any means to check the effective
security of what they are forced to use. (It is the same thing as the
DMCA/EUCD prohibition on circumventing DRM: it will never stop
big-volume "pirates", it will only harm users.)

> > If the law is an obstacle you can try to live with LGPLed software that
> > uses closed modules if you find no other way.
> 
> Sometimes I have proposed to make free programs that use plugins,
> distribute them together with several free plugins, but use them with
> a private plugin.

The LGPL license is an acceptable workaround in such situations.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399