[Cryptography Team] Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object:

Paul Crowley paul at lshift.net
Tue Jan 10 15:11:57 CET 2006


Cees De Groot wrote:
> Personally, but I'm known to hold extreme opinions on some matters, I
> think that no-one should be allowed to implement any crypto code
> unless after reading Schneier's Applied Cryptography. Preferably not
> more than a day in advance :-)

I'm going to sound like a curmudgeon when I say this, but I have a real 
dread of cryptography implemented by those who have read Applied 
Cryptography, which provides just enough information to be dangerous, 
and has in practice resulted in many cryptosystems which are buzzword 
compliant ("256-bit AES!") and dangerously broken.

What is being attempted here is not merely implementation, but protocol 
design, and cryptographic protocol design is an extremely advanced and 
difficult science which should not be attempted by those who do not 
understand in detail the proofs that underlie constructions such as OCB 
mode or PSS.  Even those who do are prone to making dangerous mistakes; 
review by other experienced people is essential.  At a minimum, the 
cryptography in use should be documented in detail; it should not be 
necessary to refer to the source code to discover things like that ECB 
mode was used to encrypt the messages.

If at all possible, find an existing, well-respected standard and use that.

See http://diswww.mit.edu/bloom-picayune/crypto/14238 for some more 
curmudgeonly sentiment from Peter Gutmann on a related subject.
-- 
   [][][] Paul Crowley
     [][] LShift Ltd
   []  [] www.lshift.net
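An added illustration of the ECB point above (example code written for this page, not from the thread, from KryptOn or from LShift): with Go's standard library, "256-bit AES" in ECB mode leaks every repeated plaintext block, while a standard AEAD mode hides that structure and rejects a modified ciphertext. AES-GCM stands in for the OCB mode Paul mentions because it is what Go ships; the key, nonce and plaintext are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// EcbEncrypt runs AES on each 16-byte block independently. This is the
// construction the post objects to; it is here only to expose the leak.
func EcbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, errors.New("ECB demo needs whole blocks")
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// RepeatedBlocks counts ciphertext blocks equal to an earlier block. Equal
// plaintext blocks give equal ECB blocks, so the count reveals structure.
func RepeatedBlocks(ct []byte) int {
	seen, n := map[string]bool{}, 0
	for i := 0; i+16 <= len(ct); i += 16 {
		b := string(ct[i : i+16])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

// NewAEAD returns AES-GCM, a standard AEAD (in place of OCB, since Go ships
// GCM): no block repetition, any modified ciphertext fails Open. Never reuse
// a nonce under one key.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Running the same four identical 16-byte blocks through both shows three repeated ECB blocks and none under GCM, and flipping one GCM ciphertext byte makes Open fail.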
