At 04:00 PM 8/11/00 -0400, dmolnar wrote:
>On Fri, 11 Aug 2000, John R Levine wrote:
>
>> * Don't try to invent a new crypto systems. Amateurs can't write secure
>> crypto systems, as often as not professionals can't either.
>
>By the way, I would extend this to include "don't try to write your
>own new crypto code, unless you really, really have to."
>Also something on how to find and use test vectors.
Good suggestions. Actually, I think that rather than a flat-out "don't try to write
your own," a listing of what it takes to do it right, together with pointing out the
existence of free or inexpensive libraries that already do what you want to do, should
be most effective. The same goes for cipher design. Some people actually do it well,
but only after they have studied what was done before, tried cracking a few, etc.
I'd really like to get people to think about sensitive data life cycles, too. Good
cryptography can be so easy to defeat with simple blunders in applications.
_______
Michael Paul Johnson
[EMAIL PROTECTED] http://ebible.org/mpj
