[Cryptography Team] Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object:
Paul Crowley
paul at lshift.net
Tue Jan 10 15:11:57 CET 2006
Cees De Groot wrote:
> Personally, but I'm known to hold extreme opinions on some matters, I
> think that no-one should be allowed to implement any crypto code
> unless after reading Schneier's Applied Cryptography. Preferably not
> more than a day in advance :-)
I'm going to sound like a curmudgeon when I say this, but I have a real
dread of cryptography implemented by those who have read Applied
Cryptography, which provides just enough information to be dangerous,
and has in practice resulted in many cryptosystems which are buzzword
compliant ("256-bit AES!") and dangerously broken.
What is being attempted here is not merely implementation, but protocol
design, and cryptographic protocol design is an extremely advanced and
difficult science which should not be attempted by those who do not
understand in detail the proofs that underlie constructions such as OCB
mode or PSS. Even those who do are prone to making dangerous mistakes;
review by other experienced people is essential. At a minimum, the
cryptography in use should be documented in detail; it should not be
necessary to refer to the source code to discover things like that ECB
mode was used to encrypt the messages.
If at all possible, find an existing, well-respected standard and use that.
See http://diswww.mit.edu/bloom-picayune/crypto/14238 for some more
curmudgeonly sentiment from Peter Gutmann on a related subject.
--
[][][] Paul Crowley
[][] LShift Ltd
[] [] www.lshift.net
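An added illustration of the ECB remark above (example code written for this page; it is not from the post, the thread, or the KryptOn/MakoEnvelope package): with any deterministic block function, ECB maps equal plaintext blocks to equal ciphertext blocks, so a plain repeated-block count over the output is enough to flag the mode during review, without reading the source. CBC with a fresh IV does not show that pattern. The `toy_block_encrypt` function is a constructed stand-in for a real block cipher, chosen only because it is deterministic and invertible; the key and the sample record are constructed too.

```python
import os

BLOCK = 16
KEY = bytes(range(0x10, 0x20))  # constructed 16-byte demo key (assumption, not a real key)

# Constructed sample record: four identical 16-byte fields followed by a short tail.
SAMPLE = b"balance=0000.00;" * 4 + b"user=alice"


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy block function standing in for a real block cipher (e.g. AES).

    It is NOT secure. Its only relevant property is that for a fixed key it
    is a bijection on 16-byte blocks: same input block -> same output block.
    """
    assert len(block) == BLOCK and len(key) == BLOCK
    out = bytearray(BLOCK)
    for i, b in enumerate(block):
        x = b ^ key[i]                                   # keyed XOR
        x = (x * 167 + key[(i * 7) % BLOCK]) & 0xFF      # odd multiplier keeps it a byte bijection
        out[(i * 5 + key[0]) % BLOCK] = x                # gcd(5, 16) == 1, so positions permute
    return bytes(out)


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently, so structure leaks."""
    pt = pad(plaintext)
    return b"".join(toy_block_encrypt(key, pt[i:i + BLOCK])
                    for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block first.
    The IV is prepended so a decryptor can recover it."""
    pt = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(pt), BLOCK):
        x = bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, x)
        out.append(prev)
    return iv + b"".join(out)


def repeated_block_count(ciphertext: bytes, block_size: int = BLOCK) -> int:
    """Number of block positions whose content already appeared earlier."""
    seen, repeats = set(), 0
    for i in range(0, len(ciphertext) - len(ciphertext) % block_size, block_size):
        blk = ciphertext[i:i + block_size]
        if blk in seen:
            repeats += 1
        else:
            seen.add(blk)
    return repeats


def looks_like_ecb(ciphertext: bytes) -> bool:
    """Audit heuristic: any repeated block in a single message is a red flag."""
    return repeated_block_count(ciphertext) > 0


def audit_demo() -> dict:
    """Run the repeated-block check over the same record in both modes."""
    ecb = ecb_encrypt(KEY, SAMPLE)
    cbc = cbc_encrypt(KEY, os.urandom(BLOCK), SAMPLE)
    return {"ecb_repeats": repeated_block_count(ecb),
            "cbc_repeats": repeated_block_count(cbc),
            "ecb_flagged": looks_like_ecb(ecb),
            "cbc_flagged": looks_like_ecb(cbc)}


if __name__ == "__main__":
    print(audit_demo())  # ECB shows 3 repeated blocks; CBC shows none
```

The four identical `balance=` fields become four identical ciphertext blocks under ECB, so the audit reports three repeats; under CBC each block's input differs (it absorbs the previous ciphertext block), so no block repeats except with negligible probability. The same check works on real ciphertext from a real cipher, which is exactly why the mode should be stated in the documentation rather than left to be discovered.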