crypto for the average programmer

Bill Stewart bill.stewart at pobox.com
Sun Dec 18 01:05:29 EST 2005


At 03:34 PM 12/14/2005, ericm at lne.com wrote:
>An application programmer who is using PKCS1 doesn't even need to
>know the small amount of ASN.1 in the spec... libraries that
>implement RSA PKCS1 take care of the ASN.1 for the programmer.

This is in fact one reason that ASN.1 exploits
have been so wide-ranging when they've happened.
ASN.1 is a horrendously ugly mess, even uglier than PGP,
so almost everybody uses an existing library instead of
rolling their own or writing a new library for other users.
Major bugs aren't discovered often,
but everybody's pretty much using the same C code,
whether for SNMP or X.509 or whatever.
I don't know how many of the Java et al. versions
have rewritten it natively as opposed to importing
C libraries, which is probably more convenient.



---------------------------------------------------------------------
The Cryptography Mailing List