Re: Software encryption

Subject: Re: Software encryption
From: "Sandy Harris" <sharris -at- dkl -dot- com>
To: GERRIOR Suzanne <GERRIORS -at- iata -dot- org>
Date: Thu, 10 Feb 2000 15:28:42 -0500

GERRIOR Suzanne wrote:

> Does anyone have any experience using encryption software?

Using, documenting, a bit of work on attacking and designing, ...
My glossary and web reference docs for crypto are:

http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/glossary.html
http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/links.crypto.html

Contact me off-list if that looks useful.

> My question is can anyone recommend an encryption software ...

Not to rain on your parade, but look out for bogus crypto. There is
a lot of it out there, partly because of dumb export laws preventing
use of better crypto,
http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/exportlaws.html

partly because this stuff is just hard:
http://www.counterpane.com/whycrypto.html

and partly because where most defects in software show up as things
the user can see and will complain about, bogus crypto appears just
fine; you may never know it is insecure or has been broken.

In fact bogus crypto is so common that the term "snake oil" is part
of any cryptographer's lexicon. Two papers with that phrase in the
title are:

One by Schneier:
http://www.counterpane.com/crypto-gram-9902.html#snakeoil

The snake oil FAQ:
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html

I'd recommend a look at both.



