the article on http://tech.163.com/06/0307/09/2BJPPQE200091QGF.html blablas a lot of things and tries to fool the readers with lots for jargons and seems professional terms and diagrams. And it also uses IEEE to support itself, while I personally don't think IEEE is the entity that is willing to back up it.
The article tried to hide an essential part. Which is " what is the cryptographic algorithm used in WAPI?" The answer to this is " a symmetric encryption algorithm which is KEPT SECRET, and is authorized only to a number of chinese firms. It's very clear from eithe theortic point of view or other concerns that trusting a unopen alogorithm is essentially unsafe. You will not be told if there is a back-door of the algorithm that a certain party can make use of to decrypt you data. Which is very likely to happen in China.
As the core of the authenticaion process has such a flaw, I personally don't trust it and object to use it as a compulsary and "ONLY" infrastructure, unless the government agrees to disclose the encryption, decryption algorithm and put it to a public / academic test. There are a group of top experts in Shan Dong uni. that can help to verify the strength and it should be published world wide.
This is also the major point that foreign experts raises debates over WAPI. But unfortunately non of the domestic article (as far as collected by google china) has a comment on it and point out this issue. The WAPI on WIKI presents both debates. -- I am not sure if it's accessible from inside mainland.
I will refused to used a WAPI based system for transmitting my data.
There is also a news says that the algorithm will be published. But interestingly, the action of cutting the cake begins before the algorithm is published and undertaken public test. How if the algorithm has flaw and can be decrypted easily?
"
The WAPI standard requires the use of a secret symmetric encryption algorithm[1]. Many cryptography experts argue that keeping a cryptographic algorithm secret is unsafe since it means that the algorithm cannot be peer reviewed
"
"
The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from the French, they are:
The system must be practically, if not mathematically, indecipherable;
It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
It must be applicable to telegraphic correspondence;
It must be portable, and its usage and function must not require the concourse of several people;
Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
没有评论:
发表评论