Sorry, I forgot to state that it is to encrypt file data on storage
devices such as disks and tapes. I agree with your statement of
appearance, but I'm trying to get the folks the resources that they
need to do it correctly. They are currently in the design and spec
phase of this, so now is the time to make sure they're going down
the right track. I forgot about Schneier's "Applied Cryptography"!
I will point them to it as well. Any other words of wisdom would
be a big help.

David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: [EMAIL PROTECTED]
Web: www.comsquared.com

Victor Duchovni wrote:
> On Tue, Oct 18, 2005 at 09:31:44AM -0400, David Gianndrea wrote:
>
>> I wonder if someone could point me to some high-level document
>> that would describe where and when you would use ECB, CBC, CFB, OFB
>> modes. I have some developers that are trying to include
>> encryption into some code, and there seems to be some confusion
>> among them.
>
> There is no single right answer, and encryption alone in the hands of
> developers who are not trained in security analysis most often only
> achieves the *appearance* of security.
>
> Encryption algorithms are used as part of a security "protocol", with
> appropriate key management to address specific application security
> requirements.
>
> Encryption for transmission has different requirements from encryption
> for storage. Authentication is different from confidentiality, ...
>
> Introductory books like Schneier's "Applied Cryptography" are a good
> start, but must not be treated as security "pixie dust". They do
> explain modes, but knowing whether a proposed "protocol" achieves a
> particular security goal is the real question, that requires a
> real understanding of the threats and how the "protocol" addresses the
> threats.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
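
The point in the thread that authentication is different from confidentiality, as an added example (not part of the original messages and not OpenSSL code): a stored record encrypted with an OFB-style keystream can be altered without the key and still decrypts cleanly, while a MAC over the ciphertext catches the change. Assumptions: HMAC-SHA256 stands in for the block cipher so the sketch runs on the Python standard library alone, and all function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """OFB-style feedback: each output block is fed back as the next input.
    HMAC-SHA256 is a stand-in for the block cipher (assumption, not real AES-OFB)."""
    out, state = b"", nonce
    while len(out) < length:
        state = hmac.new(key, state, hashlib.sha256).digest()
        out += state
    return out[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only. XOR with the keystream both encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    """Verify the tag in constant time before any decryption happens."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored ciphertext failed authentication")
    return xor_crypt(enc_key, nonce, ct)

def alter_stored(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model a change made to ciphertext at rest: XOR (old ^ new) in at offset."""
    delta = bytes(a ^ b for a, b in zip(old, new))
    patched = bytes(c ^ d for c, d in zip(ct[offset:], delta))
    return ct[:offset] + patched + ct[offset + len(delta):]

def demo():
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    record = b"owner=alice;quota=0010"          # constructed sample record
    ct, tag = seal(enc_key, mac_key, nonce, record)
    bad = alter_stored(ct, record.index(b"0010"), b"0010", b"9910")
    silent = xor_crypt(enc_key, nonce, bad)     # no integrity check: accepted as-is
    try:
        open_sealed(enc_key, mac_key, nonce, bad, tag)
        detected = False
    except ValueError:
        detected = True
    return silent, detected

if __name__ == "__main__":
    print(demo())
```

In a real design the encryption and integrity check would come from a vetted authenticated mode in a cryptographic library, with the key management the thread calls out decided first.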