2009/2/18 Ger Hobbelt <g...@hobbelt.com>: > On Tue, Feb 17, 2009 at 11:30 PM, Victor Duchovni > <victor.ducho...@morganstanley.com> wrote: >>> Why are you trying to enforce the idea of cryptography as a black box, >>> rather than something that people should learn about? >> >> Because in amost all cases that's exactly the right advice. > > Well, yes, about the 'almost' you are spot on, but generally those > 'situations' already start out with the initial question hinting > someone is already busy 'improving / inventing' stuff and now wonders, > after the first few lines he wrote, what the heck this magic wand > called a compiler is doing to his code. > > No indication of that this time around (and yes, I know my judgement > module is flawed). > > Besides, ponder your own words: > >> The cryptography learning that is sufficient and desirable is from books >> such as "Applied Cryptography" which cover protocols and algorithms >> at a high level. Studying the implementation or creating ones own > > vvvv >> implementation is for experts who don't need to ask questions, or ask >> sufficiently interesting questions that it is clear they are experts. > ^^^^ > > it takes some serious effort to attain the level of 'expert'. > (a) won't know 'silly' until you've offered your question for review > by a certified master (you can't validate yourself, nor can your > 'peers'). How would you know you're getting to that expert level yet, > when asking questions is very much frowned up: "I heard a noise... > ba-a-a-a-ad student!" <whack!> Now that's an education system I'd > gladly see installed in the Netherlands. > > (b) who is going to show them how those 'high level' abstractions are > actually to be implemented in production software? (I asked this once > about database *engines* and got a similar answer: "we don't answer > that; you'll know by the time you're an expert". Well, in my mind, I > still keep a few car tires on reserve to serve Mandela style, just for > the ones who gave that answer. Those men thus told me two things about > themselves that time right there, and on my ethics scale, the both of > 'em scored rock bottom on both accounts.) > > (c) and quite importantly, no joke: I appreciate it when people try to > understand, show they've got to some point (initial effort) and then > ask to doublecheck their guesses or request a hint where it goes from > here. Better than staying quiet and screwing up. I may have learned to > learn in a rather 'quiet' way, but that doesn't make me enforce others > to do the same - though that would make life so much easier: for me, > that is. > > After all, we don't all learn 'quietly'; it's not always the optimal > protocol. ;-) > What's the difference between a student and a master, when there's no > talk (questions) permitted? (I love cats too much, so I'm sure we can > spare a few students for that Schroedinger box: without looking (the > noise they make), how do we know if there's a master (right spin) or a > student (left spin) in there? Tough call.) > > > Alas, apparently I'm not the only who was having his Grumpy Day today. :-) > > > > So, carry on, ask the questions and I'm sure they'll get answered, > time, knowledge and energy permitting. > > -- > Met vriendelijke groeten / Best regards, > > Ger Hobbelt > Dear all: I appreciate your kind help :) I have a homework to take aes for encryption and description. so far what I have to do is familiar aes flowchart and next I may to implement aes 192 or 256 plaintext encrypt and dexcrypt. I have no idea where I can get any document about EVP calling procedure, so I open aes folder directly and see how the parameters pass to aes_encrypt. I find they seems only use 128 bits plaintext.
Is there sample code or ducument I can realize how to use EVP? thanks for yoru help, miloody ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
