Ian Grigg <[EMAIL PROTECTED]> writes:

>rhkelly wrote:
>> Nelson Bolyard wrote:
>>
>>> Getting crypto protocols right is very difficult. Lots of "obvious"
>>> and "simple" approaches are vulnerable to attacks. That is why NSS
>>> encourages the use of vetted crypto protocols and does not encourage
>>> roll-your-own crypto protocols.
>>
>> However, the fact remains that many applications (of which the
>> one mentioned by the original poster might or might not be one)
>> do require only one or two algorithms, to be included in the
>> application build-base in source form. No such resource is
>> readily available on the net - most crypto libraries (NSS
>> included) are just a horrible mess from the software engineering
>> point of view. Whether or not poor software engineering can
>> still produce good security ought to be seriously examined.
>
>Peter Gutmann writes about this here:
>http://www.cs.auckland.ac.nz/~pgut001/#design
>(3rd bullet point, skip down, there are a bunch
>of links).

Actually I think the 5th bullet point, covering "Lessons Learned in
Implementing and Deploying Crypto Software", might be more appropriate
for this.

>I had thought that NSS was designed to support
>the activities of the applications in Mozilla.
>If that's the case, it won't be surprising that
>it isn't easy to use it as a general purpose
>crypto library. The differences are many...

If it's a nice layered implementation where the higher layers build on the
lower ones (e.g. SSL and S/MIME on PKCS #1 and 3DES-CBC, etc) you can
support both. A problem with this (covered in "Lessons Learned") is that
way too many people think they can roll their own using the low-level
interface ("It's just 3DES encryption, how hard can it be?"). In the
cryptlib docs I warn users that if they don't know what an IV is they
shouldn't be using the low-level interface, but it only works some of the
time (the inevitable followup to the IV warning will be user email asking
"Why are the first 8 bytes of decrypted data corrupt?").

Having said that, something like libtomcrypt will provide a fairly
low-level interface for people who need that, and the library itself is
very compact.

Peter.

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
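The "first 8 bytes of decrypted data corrupt" symptom Peter describes is a direct consequence of how CBC mode chains blocks: the first plaintext block is recovered as D(C0) XOR IV, so a decryptor that supplies a different IV (typically all zeros, because the caller never set one) corrupts exactly one block and nothing after it. The following is an added example, not code from this thread or from cryptlib, NSS or libtomcrypt; it implements CBC chaining over a toy 8-byte block permutation (constructed for illustration, not a real cipher, standing in for 3DES's 8-byte block) so it runs without any crypto library. The key, IV and message values are constructed sample data.

```python
# Added example: CBC chaining over a toy 8-byte block cipher, showing that a
# mismatched IV on decryption corrupts only the first block. The block cipher
# below is a constructed toy permutation (XOR with key, then byte rotation);
# it is NOT secure and only stands in for 3DES's 8-byte block size.

BLOCK = 8  # bytes, same as 3DES

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy permutation: XOR with key, then rotate the 8 bytes left by 3.
    x = bytes(a ^ b for a, b in zip(block, key))
    return x[3:] + x[:3]

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    # Inverse of toy_block_encrypt: rotate right by 3, then XOR with key.
    x = block[-3:] + block[:-3]
    return bytes(a ^ b for a, b in zip(x, key))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}), with C_{-1} = IV. Input must be block-aligned.
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    prev, out = iv, bytearray()
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}; only P_0 depends on the IV, every later block
    # is chained from ciphertext the decryptor already has.
    prev, out = iv, bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor_bytes(toy_block_decrypt(key, c), prev)
        prev = c
    return bytes(out)

def corrupted_byte_indices(key: bytes, iv: bytes, wrong_iv: bytes,
                           plaintext: bytes) -> list:
    # Encrypt under the real IV, decrypt under a different one, and report
    # which plaintext byte positions come back wrong.
    ct = cbc_encrypt(key, iv, plaintext)
    recovered = cbc_decrypt(key, wrong_iv, ct)
    return [i for i, (a, b) in enumerate(zip(plaintext, recovered)) if a != b]

# Constructed sample values (not from the thread).
KEY = bytes(range(8))
IV = b"\x01" * 8           # the IV the encrypting side actually used
ZERO_IV = b"\x00" * 8      # what a caller who "doesn't know what an IV is" gets
MESSAGE = b"Lessons learned in CBC!!"   # 24 bytes = 3 blocks

if __name__ == "__main__":
    print("correct IV round-trips:",
          cbc_decrypt(KEY, IV, cbc_encrypt(KEY, IV, MESSAGE)) == MESSAGE)
    print("bytes corrupted by a zero IV:",
          corrupted_byte_indices(KEY, IV, ZERO_IV, MESSAGE))
```

Running it shows the round-trip succeeds with the right IV and that the zero IV corrupts exactly byte positions 0 through 7. That is also the detection heuristic for this class of bug in a code review or bug report: damage confined to the first block of an otherwise clean CBC decryption points at IV handling (an IV not transmitted, not stored, or silently defaulted to zero by one side), not at the key or the cipher.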
