Re: Storing user information as RC4 - safe?



Neo <neoscandal@xxxxxxxxx> writes:
Uh, yes, we notice that you are new. Do not use the crypt API calls.
Microsoft is notoriously incompetent at implementing crypto-- they
have got it wrong far too often, and their source code is not public
source, which means that their incompetence is also hidden.
Use some public source code for crypto. libcrypt, libtomcrypt,... they
are all libraries of cryptography which are open source and have been
vetted by competent cryptographers, unlike Microsoft's products.

Is this for real??... I had thought of using the .Net library calls in my
crypt project.

I don't think it's good advice. There are plenty of reasons to not
trust Microsoft to do anything right, but if you want to go that
route, the only thorough approach is to not use Windows at all.

Once you've decided to use Windows, you're already in the Microsoft
soup, and using someone else's crypto won't get you out of it. Using
Windows and the CAPI calls puts you in about the same place as just
using Windows.

Remember too that CAPI doesn't necessarily mean you're using Microsoft
crypto primitive implementations. Windows crypto services use a
plug-in architecture so you can use someone else's implementation
(called a Crypto Service Provider or CSP, basically a special type of
DLL). For example, many hardware encryption products like smart cards
have CSPs that you call through the CAPI.