Alan Love wrote:
>
> Haya,
>
> I am new to the list and forgive me if this question
> had been asked before.
>
> Could anyone instruct me the detail procedure (or a
> website link) to incorporate self-developed
> cryptography algorithms in OpenSSL enviroment
> (different from those provided before as RC4 etc)? Has
> SSL set special Interface and other I/O requirements
> for it?
>
Why? IMHO, there is very little to be gained by
using an alternate, non-tested and non-verified
algorithm. For the reasons behind this opinion,
consider DCESS, the security algorithm that's supposed
to be implemented in digital phones, the Word or
WordPerfect document encryption algorithms.
All of these were privately developed and initially
relied on "Security by Obscurity" as their primary
strength advantage. As soon as they were reverse-
engineered (as they inevitably were) they were found
to be less than secure. I, for one, recognise that
I am unlikely to find the "next great advance in
encryption" and, as such, am happy to stick with
publicly published and tested algorithms. </mini-rant>
-Don
--
Don Gingrich Unix SysAdmin,Comp Sci Dept
RMIT - Melbourne, Australia
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
