On 24 Feb 2010, at 22:57, Michael A. Crawford wrote: > Part of your response suggests that if there was an existing framework that > was openly available, it wouldn't do me any good because the bad guys would > have the source code.
I disagree. If it's based on a tried and tested (and occasionally formally verified) crypto system, knowing the algorithm doesn't lead to a crack. Weaknesses would come through bugs in the framework (or incorrect application of it), and the more people who can see the source the greater chance there is that good people as well as bad can find the issues. Good people fix 'em. Cheers, Graham. -- Graham Lee http://blog.securemacprogramming.com/ Coming soon - Professional Cocoa Application Security http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0470525959.html _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
