On Wed, Aug 04, 2010 at 04:50:28AM -0700, Vikas patial wrote:
> hmm no replies ...
>
> For now I'm using Sosemanuk as a rng for my RSA key pair generation. I
> pass the seed to the iv and the key of the stream cipher.
>
> Is that secure enough ?

No it is not. None, nil. Neither the very idea of "deterministic random" iv is. With all due respect, you need not endanger your software users claiming 'RSA, cryptography, strong ciphers etc' while your code data protection equals to poor man's xors.

For the primer readings I'd suggest:

http://www.schneier.com/book-ce.html
http://www.schneier.com/book-practical.html
http://www.schneier.com/book-applied.html

It takes some time to get accustomed to the uneasy feeling that it is not enough to 'use RSA keys' or even use 'crypto components' to get data secure in the wild.

As a quick solution to your actual needs I think you should consider a solid and proven solution (lib, tool) external to your actual app, one that will do all that 'crypto mess' for you and your users: be it TLS, SSH, GnuPG or the like. For securing data transfers you may look at http://curl.haxx.se/

> > On Aug 3, 1:24 pm, Vikas patial <[email protected]> wrote:

Regards, Ohir.

--
Wojciech S. Czarnecki
<< ^oo^ >> OHIR-RIPE
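
An added illustration, not part of the thread and not Crypto++ code: when every byte used for RSA prime selection comes from a deterministic generator keyed by a seed, the key pair is a pure function of that seed, so the key is only as secret and as unpredictable as the seed itself. Assumptions: SHA-256 in counter mode stands in for the keyed stream cipher, the 512-bit modulus is chosen only to keep the run fast, and all names are hypothetical.

```python
import hashlib
import secrets

class SeededStream:
    """Deterministic bytes from a seed: SHA-256 in counter mode
    (an assumed stand-in for a stream cipher keyed with the seed)."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        return out[:n]

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin. Witnesses come from the OS CSPRNG; they decide only
    whether a candidate is accepted, not which candidates are drawn."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_modulus(read_bytes, bits: int = 512) -> int:
    """Return n = p*q with every prime candidate drawn from read_bytes(k)."""
    def prime(k: int) -> int:
        while True:
            c = int.from_bytes(read_bytes(k // 8), "big") | (1 << (k - 1)) | 1
            if is_probable_prime(c):
                return c
    p = q = prime(bits // 2)
    while q == p:
        q = prime(bits // 2)
    return p * q
```

Calling `rsa_modulus(SeededStream(seed).read)` twice with the same seed yields the same modulus, while `rsa_modulus(secrets.token_bytes)` draws from the operating system's CSPRNG and yields a fresh one each time.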
