On Tue, 2002-11-26 at 17:08, Anton Zinoviev wrote:
As far as I know there is no known cryptography algorithm which is mathematically proven to be secure. We only expect them to be secure. If the algorithm is good, then it is difficult to crack it, but if it is also not known, then this is even more difficult. Secret algorithms also make the system a little bit more secure against human mistakes, say weak passwords.
Sorry, but this is a common mistaken position. A secret algorithm does not add anything to the security of the algorithm itself. The only thing you gain is a false sense of security and miss lot of eyes that look and try to break the algorithm for legit purposes and research (such activity has the side effect to make algorithms better and can be performed only with public algorithms). And about weak password it does not add anything at all, weak password will stay weak, any people that have access to the coding program (binary only or with source code available) can use it and abuse weak password. Also remember that a binary module does not mean secret code, it means only obfuscated code, it can be reverse engineered by evils and weakness found. No matter if the law prohibit reverse engineering of such modules, people that want to commit fraud does not stop because they break yet another law, instead honest people will be left without any means to check the effective security of what they are forced to use. (It the same thing of the DMCA/EUCD about prohibition to circumvent DRMs, it will never stop big volume "pirates", it will only harm users)
If the law is an obstacle you can try to live with LGPLed software that use closed modules if you find no other way.
Sometimes I have proposed to make free programs that use plugins, distribute them together with several free plugins, but use them with a private plugin.
LGPL license is an acceptable workaround in such situations.
Simo.