On Wed, Jan 7, 2015 at 1:26 PM, Kevin <kevinsisco61...@gmail.com> wrote:
> Any company could review it and decide if it's worth using or not. Ok, lets run with that - as a company, show me the steps (make file, a test suite in any programming language, or just english if you prefer), explain to me the steps one would go through to verify your crypto isn't battshit crazy? There have discussions about frameworks to test crypto on this list and iirc a few exist but I haven't gone though the time to figure out how to implement something. So, if you (or anyone else) has a verification method, I'm all ears. And, I'm not the smartest one (on this list or even the smartest sysadmin) but if I don't know, I wouldn't expect at least the majority of other devs/admins to know how to verify your crypto past the simplest code review (I wouldn't have a clue how to besides fuzzing some stuff from the outside). Hence I say, it's a mistake to publish any toy you want to call "crypto". _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography