Nelson Bolyard wrote:
Getting crypto protocols right is very difficult. Lots of "obvious" and "simple" approaches are vulnerable to attacks. That is why NSS encourages the use of vetted crypto protocols and does not encourage roll-your-own crypto protocols.
However, the fact remains that many applications (of which the one mentioned by the original poster might or might not be one) do require only one or two algorithms, to be included in the application build-base in source form. No such resource is readily available on the net - most crypto libraries (NSS included) are just a horrible mess from the software engineering point of view. Whether or not poor software engineering can still produce good security ought to be seriously examined.
Peter Gutmann writes about this here:
http://www.cs.auckland.ac.nz/~pgut001/#design (3rd bullet point, skip down, there are a bunch of links).
Here's a list of available libraries; I don't know how up to date it is:
http://www.homeport.org/~adam/crypto/index.html
I had thought that NSS was designed to support the activities of the applications in Mozilla. If that's the case, it won't be surprising that it isn't easy to use it as a general purpose crypto library. The differences are many...
iang
