[7664] in cryptography@c2.net mail archive
Re: Book on cryptography for programmers
daemon@ATHENA.MIT.EDU (Michael Paul Johnson)
Fri Aug 11 17:56:01 2000
Message-Id: <4.3.2.7.2.20000811142415.00bca8f0@ebible.org>
Date: Fri, 11 Aug 2000 14:31:44 -0600
To: dmolnar <dmolnar@hcs.harvard.edu>, John R Levine <johnl@iecc.com>
From: Michael Paul Johnson <mpj@ebible.org>
Cc: cryptography@c2.net
In-Reply-To: <Pine.OSF.4.05.10008111559270.3040-100000@hcs.harvard.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 04:00 PM 8/11/00 -0400, dmolnar wrote:
>On Fri, 11 Aug 2000, John R Levine wrote:
>
>> * Don't try to invent new crypto systems. Amateurs can't write secure
>> crypto systems, as often as not professionals can't either.
>
>By the way, I would extend this to include "don't try to write your
>own new crypto code, unless you really, really have to."
>Also something on how to find and use test vectors.

Good suggestions. Actually, I think that rather than a flat-out "don't try to write your own," a listing of what it takes to do it right, together with pointing out the existence of free or inexpensive libraries that already do what you want to do, should be most effective. The same goes for cipher design. Some people actually do it well, but only after they have studied what was done before, tried cracking a few, etc.

I'd really like to get people to think about sensitive data life cycles, too. Good cryptography can be so easy to defeat with simple blunders in applications.

_______
Michael Paul Johnson
mpj@eBible.org http://ebible.org/mpj