LibTomNet [v0.01]
Eric Rescorla
ekr at rtfm.com
Mon Jul 7 19:04:42 EDT 2003
tom st denis <tomstdenis at yahoo.com> writes:
> The lib uses RSA for key exchange [and the client may scrutinize the
> key before making the connection via a callback], AES-128-CTR [two
> different keys for each direction] and SHA1-HMAC. The niche of the lib
> is that my library compiles to a mere 10KB. Add SHA1, AES, HMAC, RSA
> and LTM and you get 60KB demo apps Ideally you should build LTC
> without mpi.o and link against both LTC and LTM.
>
> The lib does not implement any other protocol like SSH/SSL/TLS [etc].
>
> I have to mention this in good conscience. I ==>STRONGLY<== DISCOURAGE
> people from using this library in fielded systems. I've only been
> working on it for a day and I wouldn't be surprised if there were
> numerous bugs or points of attack [I've fixed a dozen since last
> night].
[Standard rant follows... :)]
I'm trying to figure out why this is a good idea even in principle.
I've seen <100k SSL implementations and that included the ASN.1
processing for certs. I would imagine that one could do a compliant
SSL implementation that used fixed RSA keys in roughly the same
code size as your stuff.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list