In article gJfub.230766$Fm2.231960@attbi_s04,
"Paul Remde" wrote:
"Bruce Hoult" wrote in message
...
Public key cryptography was well known in 1994 when the Cambridge 10's
were used at the NZ pre-worlds, and in fact I *told* them at the time
that they should be using something like RSA instead of something
home-grown.

Yes, but doesn't the CAI system work?

Unfortunately we have no way of knowing, because the method used isn't
published. But essentially I believe it is a typical private key system
which relies on only trusted parties knowing the secret key. These
trusted parties include anyone writing software to upload flights (which
I suspect is the reason they would never give me the specs for writing
mac software), and authorized repair agents.


It is my impression that it is perfectly secure and has never been
compromised. So why suddenly call it "insecure".

Secure doesn't mean "hasn't (to our knowledge) been compromised". It
means "*can't* be compromised". If we didn't know how to do the latter
that would be a different matter, but we do.


And I'll ammend my earlier remarks. In 1994 when I was recommending RSA
to them I never imagined that they'd get to nearly 2004 before it became
an issue. So they may have made the correct commercial decision.

-- Bruce