Crypto Craft Knowledge
Ben Laurie
ben at links.org
Tue Feb 17 05:22:22 EST 2009
Stephan Neuhaus wrote:
> Many mistakes in crypto coding come from the fact that API developers
> have so far very successfully shifted the burden of secure usage to the
> application developer, the API user. But I believe this hasn't worked
> and needs to be changed.
I totally agree, and this is the thinking behind the Keyczar project
(http://www.keyczar.org/):
"Cryptography is easy to get wrong. Developers can choose improper
cipher modes, use obsolete algorithms, compose primitives in an unsafe
manner, or fail to anticipate the need for key rotation. Keyczar
abstracts some of these details by choosing safe defaults, automatically
tagging outputs with key version information, and providing a simple
programming interface.
Keyczar is designed to be open, extensible, and cross-platform
compatible. It is not intended to replace existing cryptographic
libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is built
on these libraries."
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list