[144245] in cryptography@c2.net mail archive
Re: Crypto Craft Knowledge
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Feb 20 12:20:27 2009
Date: Tue, 17 Feb 2009 10:22:22 +0000
From: Ben Laurie <ben@links.org>
To: Stephan Neuhaus <neuhaus@mail.st.cs.uni-sb.de>
CC: David Molnar <dmolnar@eecs.berkeley.edu>,
    Cryptography <cryptography@metzdowd.com>
In-Reply-To: <C1D44D60-A6A3-497D-8CBA-F1F30CD95F92@st.cs.uni-sb.de>

Stephan Neuhaus wrote:
> Many mistakes in crypto coding come from the fact that API developers
> have so far very successfully shifted the burden of secure usage to the
> application developer, the API user. But I believe this hasn't worked
> and needs to be changed.

I totally agree, and this is the thinking behind the Keyczar project
(http://www.keyczar.org/):

"Cryptography is easy to get wrong. Developers can choose improper
cipher modes, use obsolete algorithms, compose primitives in an unsafe
manner, or fail to anticipate the need for key rotation. Keyczar
abstracts some of these details by choosing safe defaults, automatically
tagging outputs with key version information, and providing a simple
programming interface.

Keyczar is designed to be open, extensible, and cross-platform
compatible. It is not intended to replace existing cryptographic
libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is built
on these libraries."

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
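
An added illustration, not part of the original message and not Keyczar's API or code: a minimal sketch of the design the quoted description names, where the library picks the algorithm, tags every output with the key version, and keeps old versions verifiable after rotation. The class and method names are hypothetical, and the one-byte version tag is an assumption of this sketch.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class VersionedSigner:
    """Hypothetical keyset: signs with the primary key, verifies with any held key."""

    def __init__(self):
        self._keys = {}    # version number -> key bytes
        self._primary = 0  # version used for new signatures
        self.rotate()

    def rotate(self):
        """Generate a fresh random key and make it primary; older keys still verify."""
        if self._primary >= 255:
            raise OverflowError("one-byte version tag exhausted")
        self._primary += 1
        self._keys[self._primary] = secrets.token_bytes(32)
        return self._primary

    def revoke(self, version):
        """Drop a key; signatures made under it stop verifying."""
        if version == self._primary:
            raise ValueError("rotate before revoking the primary key")
        self._keys.pop(version, None)

    def _mac(self, version, message):
        # The version byte is covered by the MAC, so it cannot be swapped
        # to make a signature appear to belong to a different key.
        data = bytes([version]) + message
        return hmac.new(self._keys[version], data, hashlib.sha256).digest()

    def sign(self, message: bytes) -> bytes:
        """Return version byte || MAC; the caller never chooses a key or algorithm."""
        version = self._primary
        return bytes([version]) + self._mac(version, message)

    def verify(self, message: bytes, signature: bytes) -> bool:
        """Select the key from the version tag; reject unknown versions and bad lengths."""
        if len(signature) != 1 + TAG_LEN:
            return False
        version = signature[0]
        if version not in self._keys:
            return False
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        return hmac.compare_digest(signature[1:], self._mac(version, message))
```
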