le 2001/10/26 16:07, tedd à tedd@... a écrit :

> I'm not sure that I agree with that statement. Surely, the inventor
> of PGP (Pretty Good Protection) didn't followed that dark-side logic.
> Also, PGP source code is available in C -- you can search for it via
> Sherlock.

if you go to the ibm site and furrage around a little you can find the
article that heather quotes [it's in seven parts and they're all
interesting], the author specifically contrasts the likes of pgp with 'home
grown' solutions, so while crypto has to be 'grown' in some 'home', the
heavy solutions are excluded.

i would hasard that by home grown the author implies, making your own
algorithms, as opposed to published and publicly available algorithms, and
then their implementation in source code.

for a small home project, with no critical or private details [ie, a simple
registration 'lock'] i would have no qualms about using a solution developed
by yourself. the effort involved in cracking it would not be worth the $8
registration fee [unless the cracker had an extremely low hourly rate :-) ].
however if it comes to entrusting personal, medical or financial info to a
system, i'd prefer a peer-reveiwed, trusted and tried method.

i believe that was all that was implied.

´:-j

see: <http://www-106.ibm.com/developerworks/library/s-crypt07.html>
ps. thanks for the source, heather.