[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Servers Should Use a Secure Mix Algorithm
Colin Tuckley writes:
> While I have to agree with you on this in theory, I feel it's rather
> premature in practice for the following reasons:
>
> 1) Mixminion *is* still in alpha, there is a lot of testing going on
> and having the timed algorithm made that easier/quicker.
Using the timed algorithm, however, gives a falsely positive picture
of how the system performs. Applications using Mixminion should be
developed and tested using the real thing. If the system is not
usable with a real mix algorithm, then we need to solve that problem.
> 2) Using a "real" algorithm might make people think the system is
> secure. We shouldn't be encouraging that while we call the software
> "alpha".
The way to express that a system is not secure is to say "This system
is not secure", not by introducing weaknesses.
> If Nick thinks it's time for real algorithms then it's also time for
> the software to be Beta. (Comments Nick?)
It is actually quite reasonable to use a real mix algorithm during the
Alpha or even development phases. There's simply no other way to get
a feel for how the real system will perform.
> It would have been better if you had talked about this in public on
> the list *before* you unilateraly made the change.
My judgment was and is that it's time to move forward. We might as
well try the system out with a real mix. Mixminion is beautifully
designed, but we've never really tried it out.
> If you want to help with testing then please consider running
> miniontest to give the system a better workout.
I think this is the right approach.
In any event, Wiredyne is sticking with a real mix.
Peter