crypto for the average programmer
James A. Donald
jamesd at echeque.com
Mon Dec 12 13:18:48 EST 2005
--
From: "Whyte, William" <WWhyte at ntru.com>
> Check the standards.
>
> The RSA PKCS#1 standard, which are free, describe how
> to do RSA securely and summarize known security
> results.
> http://www.rsasecurity.com/rsalabs/node.asp?id=2124.
> Don't use PKCS#3-style Diffie Hellman; it's been
> superseded by the versions in ASC X9.42 and IEEE Std
> 1363-2000.
>
> The Standards for Efficient Cryptography Group
> (www.secg.org) publishes SEC1, which describes how to
> do Elliptic curve algorithms securely. The standard is
> free to download, but note that some techniques in it
> have licensing requirements.
>
> NIST, in its series of FIPS standards and Special
> Publications, has defined federal standards for
> digital signatures and modes of operation for
> symmetric ciphers, and is moving towards standardizing
> key exchange mechanisms based on public key
> algorithms. Those standards are also free, though they
> sometimes reference non-free standards.
Of course most of this has already been incorporated in
standard crypto libraries, such as CryptoPP, and does
not need to be rewritten.
Be warned, however, that if you faithfully follow a
standard without comprehending why the standard is the
way that it is, you will probably screw it up, because
you will not really understand what faithfulness is.
In practice, it is frequently necessary to roll your own
damned standards, and in practice, people who roll their
own damned standard frequently get it wrong. For
example, SSH had to be SSH, it could not be SSL, and the
first version of SSH was, predictably, wrong. Similarly
the first version of Wifi used WEP, which contained
errors that should have been spotted, but were not. They
had to roll their own, because they needed to solve a
particular problem which was not the same as the
problems that other standards solve.
You should, however, never roll your own damned standard
without good reason.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
TXXgVeLZjViyf6+f7NQt7WCs7MzxO/j25GYLXcEg
4js14nleizkni3mC38n+4rk2r07+4mylYuP2+UnlI
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com