On 12/13/2009 09:13 AM, Ian G wrote:
Security is a risk-based business, not an absolute science.
I agree with this entire message. My comments here are just my own
postscript.
So far there's been talk about the marginal rewards from changing, but
not much talk about the risks. If implementors abandon their mature,
stable s2k code in favor of a new s2k algorithm, the implementors will
very likely be increasing the bug count in their s2k code. We hope
these bugs would get found quickly; however, there are no guarantees.
Those are two bottom-line truths we cannot get away from.
That doesn't mean components shouldn't be changed. It just means
components shouldn't be changed lightly. There needs to be an
engineering justification for changing the s2k algorithm, not just
"because it would be cool."