[Cryptography Team] Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object:
Matthew S. Hamrick
mhamrick at cryptonomicon.net
Tue Jan 10 17:12:42 CET 2006
I wonder if Paul was meaning to say, "I have a dread of crypto
implemented by people who have ONLY read Applied Crypto."
Also... the word "protocols" can be used in several different ways
here. The objective of introducing crypto bits to an environment or
application is to raise the general level of security. One thing we
learned from some of the early Netscape hacks was... even if the
crypto is done correctly and the networking protocol is implemented
correctly (okay... SSLv2 was broken by design, but we didn't know it
at the time...), even if you do that correctly, you can still have a
situation where you don't properly clean up after a sensitive
operation or use the random number generator incorrectly.
What I'm saying is that you also have to consider the "object
protocol" for which there is nothing to test against, only a set of
guidelines for implementing crypto for OO environments.
Also... as much as I love Laurie and Engelschall and OpenSSL, and yes,
testing against a known-good implementation is required... it's not
sufficient to ensure system security.
On 10 Jan 2006, at 06:30, Cees De Groot wrote:
> On 1/10/06, Paul Crowley <paul at lshift.net> wrote:
>> I'm going to sound like a curmudgeon when I say this, but I have a real
>> dread of cryptography implemented by those who have read Applied
>> Cryptography, which provides just enough information to be dangerous,
>> and has in practice resulted in many cryptosystems which are buzzword
>> compliant ("256-bit AES!") and dangerously broken.
>>
> Err... I hope you dread this kind of crypto less than that written by
> (lay)people that haven't read the book at all :).
>
> In any case, your point is exactly the point that Schneier makes over
> and over again - if people ignore that point, they're beyond help.
>
> So if I implement crypto code, I use a) recommended protocols - lots
> of sound recommendations in the book, and b) test my implementation
> against an existing implementation (like openssl) with a handful of
> test messages. So, apart from a description of the protocol followed,
> I always like to see self-test code with a reference to where the test
> data was obtained.
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
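The self-test practice the quoted reply recommends (known-answer tests that cite where each vector came from, plus a cross-check against a known-good implementation on a handful of messages), written out as an added Python example that is not code from this thread or from KryptOn. It assumes hashlib as the known-good reference in place of openssl; broken_sha256 and SAMPLE_MESSAGES are constructed to show that the short published vectors alone miss a boundary bug which a cross-check corpus with a block-aligned message catches.

```python
import hashlib
import hmac

# Known-answer tests, each with a citation for its expected value, as the quoted
# reply recommends. SHA-256 vectors: FIPS 180-2 Appendix B; HMAC: RFC 4231.
KNOWN_ANSWER_TESTS = [
    ("sha256 'abc'", "FIPS 180-2, B.1",
     lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("sha256 two-block message", "FIPS 180-2, B.2",
     lambda: hashlib.sha256(
         b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq").hexdigest(),
     "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"),
    ("hmac-sha256 key 'Jefe'", "RFC 4231, test case 2",
     lambda: hmac.new(b"Jefe", b"what do ya want for nothing?",
                      hashlib.sha256).hexdigest(),
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

def run_known_answer_tests(tests=KNOWN_ANSWER_TESTS):
    """Return (name, source, got, expected) for every vector that fails."""
    failures = []
    for name, source, compute, expected in tests:
        got = compute()
        if got != expected:
            failures.append((name, source, got, expected))
    return failures

def reference_sha256(data):
    """Known-good implementation to compare against (hashlib standing in for openssl)."""
    return hashlib.sha256(data).hexdigest()

def broken_sha256(data):
    """Constructed, deliberately wrong candidate: it drops the last block of
    block-aligned input, a bug the short published vectors never exercise."""
    if data and len(data) % 64 == 0:
        data = data[:-64]
    return hashlib.sha256(data).hexdigest()

def cross_check(candidate, reference, messages):
    """Compare candidate with reference on a handful of messages; return the
    inputs on which they disagree (the 'test against openssl' step)."""
    return [m for m in messages if candidate(m) != reference(m)]

# Constructed corpus; it deliberately includes a block-aligned (64-byte) message.
SAMPLE_MESSAGES = [b"", b"a", b"abc", b"message digest", b"\x00" * 64, b"x" * 1000]
```

Note that broken_sha256 agrees with the reference on b"abc" and on both FIPS example messages, so a vector list copied from the standard would pass it; the cross-check corpus is what exposes it.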