crypto for the average programmer

James A. Donald jamesd at echeque.com
Mon Dec 12 13:18:48 EST 2005


    --
From: "Whyte, William" <WWhyte at ntru.com>
> Check the standards.
>
> The RSA PKCS#1 standard, which is free, describes how 
> to do RSA securely and summarizes known security 
> results. 
> http://www.rsasecurity.com/rsalabs/node.asp?id=2124. 
> Don't use PKCS#3-style Diffie Hellman; it's been 
> superseded by the versions in ASC X9.42 and IEEE Std 
> 1363-2000.
>
> The Standards for Efficient Cryptography Group 
> (www.secg.org) publishes SEC1, which describes how to 
> do Elliptic curve algorithms securely. The standard is 
> free to download, but note that some techniques in it 
> have licensing requirements.
>
> NIST, in its series of FIPS standards and Special 
> Publications, has defined federal standards for 
> digital signatures and modes of operation for 
> symmetric ciphers, and is moving towards standardizing 
> key exchange mechanisms based on public key 
> algorithms. Those standards are also free, though they 
> sometimes reference non-free standards.

Of course most of this has already been incorporated in 
standard crypto libraries, such as CryptoPP, and does 
not need to be rewritten.

Be warned, however, that if you faithfully follow a 
standard without comprehending why the standard is the 
way that it is, you will probably screw it up, because 
you will not really understand what faithfulness is.

In practice, it is frequently necessary to roll your own 
damned standards, and in practice, people who roll their 
own damned standard frequently get it wrong.  For 
example, SSH had to be SSH; it could not be SSL, and the 
first version of SSH was, predictably, wrong.  Similarly, 
the first version of Wi-Fi used WEP, which contained 
errors that should have been spotted, but were not.  They
had to roll their own because they needed to solve a
particular problem which was not the same as the 
problems that other standards solve.

You should, however, never roll your own damned standard
without good reason. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     TXXgVeLZjViyf6+f7NQt7WCs7MzxO/j25GYLXcEg
     4js14nleizkni3mC38n+4rk2r07+4mylYuP2+UnlI
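As an added illustration (not from the post or the thread) of why the PKCS#1 encoding methods exist, the following Python uses constructed toy primes to show two properties of raw "textbook" RSA that PKCS#1's randomized, structured encoding is designed to remove: the same message always yields the same ciphertext, and anyone holding two ciphertexts can multiply them to obtain a valid encryption of the product without the private key.

```python
# Added example: properties of raw RSA that the PKCS#1 encoding schemes fix.
# P, Q and E are constructed toy values for illustration only; a real key is
# thousands of bits and is always used with an encoding such as OAEP.
from math import gcd

P, Q, E = 61, 53, 17


def keypair(p: int = P, q: int = Q, e: int = E):
    """Return (n, e, d); d is the inverse of e modulo lcm(p-1, q-1)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lcm(p-1, q-1)")
    d = pow(e, -1, lam)  # modular inverse (Python 3.8+)
    return n, e, d


def encrypt_textbook(n: int, e: int, m: int) -> int:
    """Raw RSA: c = m^e mod n. No randomness, no structure the decryptor could check."""
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt_textbook(n: int, d: int, c: int) -> int:
    return pow(c, d, n)


def roundtrip_ok(m: int = 65) -> bool:
    n, e, d = keypair()
    return decrypt_textbook(n, d, encrypt_textbook(n, e, m)) == m


def textbook_is_deterministic(m: int = 65) -> bool:
    """Same plaintext, same ciphertext: an observer can spot repeated messages.
    PKCS#1 encoding injects fresh random bytes so this equality fails."""
    n, e, _ = keypair()
    return encrypt_textbook(n, e, m) == encrypt_textbook(n, e, m)


def textbook_is_malleable(m1: int = 7, m2: int = 11) -> bool:
    """Without d, c1*c2 mod n is a valid ciphertext for m1*m2 mod n.
    A PKCS#1-style decryptor rejects the result because the product no
    longer carries the expected encoding structure."""
    n, e, d = keypair()
    c1, c2 = encrypt_textbook(n, e, m1), encrypt_textbook(n, e, m2)
    forged = (c1 * c2) % n
    return decrypt_textbook(n, d, forged) == (m1 * m2) % n
```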



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com