MozillaZine

Crypto Ruling and Mozilla

Friday May 7th, 1999

With the latest ruling against crypto-export laws, some of you have been wondering how this applies to Mozilla (if at all). Well, we're not sure, but I bet there are a few developers that would be willing to enlighten us on this subject. If any of you know more about how this ruling affects Mozilla, please respond in the talkback to this item...


#17 Re:Crypto Ruling and Mozilla

by eeeeee3

Saturday May 8th, 1999 9:43 AM

You are replying to this message

It's more than just the fact that knowing the algorithm doesn't help in trying to crack it. It's a basic tenet of cryptography that you should assume the attackers know the method you chose. That's why the secrecy is really all in the key, if you relied on the secrecy of the algorithm then it wouldn't matter what your key was. In general it's been shown that trying to keep a method secret is a poor way to get security. Public methods and public source code mean less chance of flaws and backdoors in the implementation. Or doesn't anyone remember the embarrassment that happened to Netscape over its encryption code, and how it repented and promised to let others audit that code in the future?