Hello everyone,

I have been writing code to secure my client-server application. It has been almost a year now since I entered the world of OpenSSL. I have been reading about key exchange, symmetric ciphers, certificates, etc., and for that matter I have used all this in the code through the APIs provided by OpenSSL. But one question that has been coming to mind for quite some time is: "Is securing your communication channel so simple?"
Choosing a good size key, selecting a good algorithm ... is that all? It sounds too simple to be true. So, what does it really take to secure your communication channel? (At this point, I am not talking about securing the application, as I believe that it has a much vaster scope.) Just having a long key doesn't seem to be sufficient, right?

Could someone point me to the literature that I have not read yet, which explains pitfalls when it comes to securing the communication? Am I the only one with this question? Or did others also have this doubt?

Thanks for all the support I have got from this group,
~ Urjit