On May 19, 2008, at 3:15 PM, Florian Weimer wrote:
* Dirk-Willem van Gulik:Working with the original and some indication as to what pid, platform, keylen endianness, and .rnd, is useful - as that way it is possible to understand, reconstruct, spotcheck or verify in-situ - rather than having to build trust without easy verify.It's also trivial to recover the key material. For obvious reasons, I want to avoid that.
Given how trivial that is, and regardless, I'd rather see a focus on ensuring that the tools can be trusted, are absolutely complete and that such is relatively easy to verify.
Thanks, Dw