[19214] in cryptography@c2.net mail archive


RE: crypto for the average programmer

daemon@ATHENA.MIT.EDU (Whyte, William)
Mon Dec 12 11:54:53 2005

X-Original-To: cryptography@metzdowd.com
Date: Mon, 12 Dec 2005 10:47:44 -0500
From: "Whyte, William" <WWhyte@ntru.com>
To: "Travis H." <solinym@gmail.com>, <cryptography@metzdowd.com>


> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
> I learned a few no-nos, such as not sending the same message to 3
> separate users in RSA (if using 3 as an encryption exponent).

> My question is, what is the layperson supposed to do, if they must use
> crypto and can't use an off-the-shelf product?

Check the standards.

The RSA PKCS#1 standard, which is free, describes
how to do RSA securely and summarizes known security results.
http://www.rsasecurity.com/rsalabs/node.asp?id=2124. Don't use
PKCS#3-style Diffie-Hellman; it's been superseded by the
versions in ASC X9.42 and IEEE Std 1363-2000.

The Standards for Efficient Cryptography Group (www.secg.org)
publishes SEC1, which describes how to do Elliptic curve algorithms
securely. The standard is free to download, but note that some
techniques in it have licensing requirements.

NIST, in its series of FIPS standards and Special Publications, has defined
federal standards for digital signatures and modes of operation for symmetric
ciphers, and is moving towards standardizing key exchange mechanisms based
on public key algorithms. Those standards are also free, though they
sometimes reference non-free standards.

Other standards groups, such as the IEEE P1363 Working Group (which I chair
-- http://grouper.ieee.org/groups/1363/) and the ASC X9F1 working group
for cryptographic techniques for the financial services industry, publish
(for purchase) standards for secure use of other public-key algorithms.
1363 is currently working on
- Lattice-based cryptography, such as NTRU (who I work for)
- Password-based public key techniques such as SPEKE, SRP, etc
- A revision of the 1363-2000 standard.
A lot of the documents relevant to these projects are available for
free off the site. X9 is working on a wider range of projects, but
your company has to be an X9 member for you to access them.

> Is there any site
> tracking such gotchas as they show up in the literature?

Rather than tracking gotchas minute-by-minute it's probably best
to use existing standards.

Cheers,

William
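An added illustration of the e=3 "same message to 3 recipients" gotcha quoted at the top of this message, and of why PKCS#1 tells you to pad before exponentiating. This is not code from the original exchange; it is a self-contained Python script with constructed toy keys (six 10-bit primes chosen congruent to 2 mod 3 so that 3 is a valid public exponent) and a deliberately simple per-recipient nonce prefix that stands in for randomised padding. The nonce scheme is an assumption for the demo, not PKCS#1 OAEP; real code should use a standards-conforming padding from a vetted library rather than the textbook primitive shown here.

```python
from math import prod

# Constructed toy RSA keys. Each prime is 2 mod 3, so gcd(3, p-1) = 1 and
# e = 3 is a usable public exponent. Real keys are >= 2048 bits; these are
# tiny only so the arithmetic stays visible.
E = 3
TOY_PRIMES = [(1013, 1019), (1031, 1049), (1061, 1091)]
RECIPIENT_MODULI = [p * q for p, q in TOY_PRIMES]   # three pairwise-coprime n_i


def rsa_private_exponent(p, q, e=E):
    """d = e^-1 mod (p-1)(q-1); used here only to confirm the keys work."""
    return pow(e, -1, (p - 1) * (q - 1))


def textbook_rsa_encrypt(m, n, e=E):
    """Unpadded ('textbook') RSA: deterministic c = m^e mod n."""
    assert 0 <= m < n
    return pow(m, e, n)


def icbrt(x):
    """Smallest integer r with r**3 >= x (binary search; exact for big ints)."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise-coprime moduli."""
    n_all = prod(moduli)
    x = 0
    for r, n in zip(residues, moduli):
        n_other = n_all // n
        x += r * n_other * pow(n_other, -1, n)
    return x % n_all


def broadcast_recover(ciphertexts, moduli):
    """Why the gotcha exists: if the *same* integer m was raised to e = 3 under
    three coprime moduli with no padding, then m^3 < n1*n2*n3, so CRT returns
    m^3 over the integers and a plain cube root gives m back. Returns None
    when the combined value is not a perfect cube, i.e. when the three
    plaintext integers were not identical."""
    x = crt(ciphertexts, moduli)
    r = icbrt(x)
    return r if r ** 3 == x else None


def pad_per_recipient(m, nonce, m_bits=14):
    """Stand-in for randomised padding (assumption for this demo, NOT PKCS#1
    OAEP): prefix a per-encryption nonce so the integer fed to RSA differs for
    every recipient. Real padding draws the nonce from a CSPRNG and also
    mixes the message through a mask generation function."""
    assert m < (1 << m_bits)
    return (nonce << m_bits) | m


def demo(m=4242, nonces=(5, 17, 29)):
    """Returns (recovered_from_raw, recovered_from_padded).
    Nonces are fixed, constructed values so the demo is deterministic."""
    raw = [textbook_rsa_encrypt(m, n) for n in RECIPIENT_MODULI]
    padded = [textbook_rsa_encrypt(pad_per_recipient(m, r), n)
              for r, n in zip(nonces, RECIPIENT_MODULI)]
    return (broadcast_recover(raw, RECIPIENT_MODULI),
            broadcast_recover(padded, RECIPIENT_MODULI))


if __name__ == "__main__":
    raw_result, padded_result = demo()
    print("same message, no padding, e=3, 3 recipients ->", raw_result)
    print("per-recipient padding                      ->", padded_result)
```

The first result is the original message integer; the second is not (the combined residue is no longer a small perfect cube), which is the whole reason the standards make the padding randomised and mandatory rather than leaving it to the caller.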

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
