On Tue, Oct 18, 2005 at 09:31:44AM -0400, David Gianndrea wrote:

> I wonder if someone could point me to some high level document
> that would describe where, and when you would use ECB, CBC, CFB, OFB
> modes. I have some developers that are trying to include
> encryption into some code, and there seems to be some confusion
> among them.
>

There is no single right answer, and encryption alone in the hands of developers who are not trained in security analysis most often only achieves the *appearance* of security. Encryption algorithms are used as part of a security "protocol", with appropriate key management to address specific application security requirements. Encryption for transmission has different requirements from encryption for storage. Authentication is different from confidentiality, ...

Introductory books like Schneier's "Applied Cryptography" are a good start, but must not be treated as security "pixie dust". They do explain modes, but knowing whether a proposed "protocol" achieves a particular security goal is the real question, that requires a real understanding of the threats and how the "protocol" addresses the threats.

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]