I wonder if Paul was meaning to say, "I have a dread of crypto implemented by people who have ONLY read Applied Crypto."
Also... the word "protocols" can be used in several different ways here. The objective of introducing crypto bits to an environment or application is to raise the general level of security. One thing we learned from some of the early Netscape hacks was... even if the crypto is done correctly and the networking protocol is implemented correctly (okay... SSLv2 was broken by design, but we didn't know it at the time...), even if you do all that correctly, you can still have a situation where you don't properly clean up after a sensitive operation or use the random number generator incorrectly.
What I'm saying is that you also have to consider the "object protocol" for which there is nothing to test against, only a set of guidelines for implementing crypto for OO environments.
Also... as much as I love Laurie and Engelschall and OpenSSL, and yes, testing against a known good implementation is required... it's not sufficient to ensure system security.
On 10 Jan 2006, at 06:30, Cees De Groot wrote:
On 1/10/06, Paul Crowley <paul@lshift.net> wrote:
I'm going to sound like a curmudgeon when I say this, but I have a real dread of cryptography implemented by those who have read Applied Cryptography, which provides just enough information to be dangerous, and has in practice resulted in many cryptosystems which are buzzword compliant ("256-bit AES!") and dangerously broken.
Err... I hope you dread this kind of crypto less than that written by (lay)people that haven't read the book at all :).
In any case, your point is exactly the point that Schneier makes over and over again - if people ignore that point, they're beyond help.
So if I implement crypto code, I use a) recommended protocols - lots of sound recommendations in the book, and b) test my implementation against an existing implementation (like openssl) with a handful of test messages. So, apart from a description of the protocol followed, I always like to see self-test code with a reference to where the test data was obtained.

_______________________________________________
Cryptography mailing list
Cryptography@lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
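The self-test style Cees asks for, as an added example that is not code from anyone in this thread: a hand-rolled HMAC-SHA256 (RFC 2104) checked against published test vectors, each annotated with where it came from, and then cross-checked against an existing implementation (Python's hmac module, which is OpenSSL-backed in CPython) on extra inputs. The buggy variant and the cross-check inputs are constructed for this example; the RFC 4231 vectors are the real ones. The buggy variant is included to make a point the thread's advice only hints at: the three RFC vectors all use keys of 20 bytes or less, so an implementation that forgets to hash keys longer than the block size passes every published vector and is only caught by the cross-check against a reference on longer keys.

```python
"""Self-test of a hand-rolled HMAC-SHA256 against published test vectors and
against an existing implementation (Python's hmac module, OpenSSL-backed in
CPython). Added example for the list thread; not code from the thread."""
import hashlib
import hmac  # the "existing implementation" we cross-check against

BLOCK_SIZE = 64  # SHA-256 block size in bytes (RFC 2104 "B")


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as specified in RFC 2104: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # keys longer than B are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then zero-padded to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def hmac_sha256_missing_key_hash(key: bytes, message: bytes) -> bytes:
    """Deliberately buggy variant (constructed for this example): skips the
    hash-long-keys step. It agrees with hmac_sha256 for every key of at most
    64 bytes, so the RFC vectors below do not catch it."""
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


# Known-answer tests. Each vector records where it came from, so a reader can
# check it against the RFC instead of trusting this file.
KNOWN_ANSWER_TESTS = [
    ("RFC 4231 test case 1", bytes([0x0B]) * 20, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    ("RFC 4231 test case 2", b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
    ("RFC 4231 test case 3", bytes([0xAA]) * 20, bytes([0xDD]) * 50,
     "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"),
]

# Constructed inputs (not from any standard) for the cross-check against the
# reference implementation; chosen to straddle the block-size boundary.
CROSS_CHECK_INPUTS = [
    (b"", b""),
    (b"k" * 63, b"just under one block"),
    (b"k" * 64, b"exactly one block"),
    (b"k" * 65, b"one byte over a block"),
    (b"k" * 200, b"well over a block: exercises the hash-the-key path"),
]


def run_known_answer_tests(impl):
    """Return [(source, passed)] for each published vector."""
    results = []
    for source, key, msg, expected_hex in KNOWN_ANSWER_TESTS:
        got = impl(key, msg)
        results.append((source, hmac.compare_digest(got, bytes.fromhex(expected_hex))))
    return results


def run_cross_check(impl):
    """Return [(key_length, passed)] comparing impl with the stdlib hmac module."""
    results = []
    for key, msg in CROSS_CHECK_INPUTS:
        ref = hmac.new(key, msg, hashlib.sha256).digest()
        results.append((len(key), hmac.compare_digest(impl(key, msg), ref)))
    return results


def self_test(impl=hmac_sha256) -> bool:
    """Run at startup; a caller should refuse to use impl if this returns False."""
    kat_ok = all(ok for _, ok in run_known_answer_tests(impl))
    ref_ok = all(ok for _, ok in run_cross_check(impl))
    return kat_ok and ref_ok


if __name__ == "__main__":
    for name, impl in (("correct", hmac_sha256), ("buggy", hmac_sha256_missing_key_hash)):
        print(name, "KAT:", run_known_answer_tests(impl))
        print(name, "cross-check:", run_cross_check(impl))
        print(name, "self_test:", self_test(impl))
```

Running it shows the correct function passing everything and the buggy one passing all three RFC vectors but failing the cross-check for the 65- and 200-byte keys, which is why both halves of the test belong in the startup self-test rather than only the published vectors.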