Peter Gutmann writes about this here:
http://www.cs.auckland.ac.nz/~pgut001/#design (3rd bullet point, skip down, there are a bunch of links).
Which is *exactly* what is wrong. Gutmann complains:
'The determined programmer can produce snake oil using any crypto tools...'
and goes on and on with his theme about the design, devices, policies etc., that would make it impossible for the above to happen; i.e., no matter how ignorant the programmer, once he uses the 'right' crypto library, all his apps should be perfectly secure. Indeed, in the same paper he concludes:
[crypto API should be] ...at the highest possible level, in order to prevent users (i.e., application programmers, rk) from injuring themselves...
This fallacy has taken the design of crypto libraries way too far into the territory where, IMHO, they attempt to do not only more than they should, but more than they ever could.
As the libraries grow ever more complex, incompetent programmers keep merrily producing apps with ever larger security holes, while treating their (application software) users as idiots, i.e., the same way Gutmann would treat them. It is therefore no wonder that application software full of security holes is nicely complemented by users who neither understand their threat/security model, nor put any effort into actively managing it.
We are not getting ahead of this game.
Roger K.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
