Re: Recommend AES Program, Please
- From: Tom St Denis <tom@xxxxxxx>
- Date: Tue, 6 Jul 2010 18:18:03 -0700 (PDT)
On Jul 6, 3:04 pm, Kristian Gjøsteen <kristiag+n...@xxxxxxxxxxxx>
Globemaker <alanfolms...@xxxxxxxxxxxx> wrote:
I do not want "to do something it's not supposed to do". I want to get
software that lets me control the key and the mode. It is bizarre that
cryto enthusiasts fight against simple validation and basic test
vectors being successfully demonstrated.
No. Most of us prefer fail-safe software. If software allows users to
do something stupid, some user will do something stupid, and this being
security, he will not notice. Such software should be discouraged.
If you are writing software and want to test your AES module, then test
the AES module, don't implement additional insecure functionality.
Not only that, but good crypto programs are open source and therefore
open to peer review. If I don't trust the AES in OpenSSL I can put
traces in the code and make sure it's doing what I think it's doing
(indeed I have done this, but not because I thought OpenSSL was broken
I was trying to reverse engineer the sslRSA format used in old private
The guys request is stupid. He could encrypt his articles with gpg -c
using a known password if he wants to encourage his users to a) use
crypto and b) use good crypto. But "globemaker" doesn't know squat
about cryptography [let alone enough to write a blog, sorry,
"magazine" worth reading].
- Prev by Date: Re: Recommend AES Program, Please
- Next by Date: Re: Cryptography Currently on the Table.
- Previous by thread: Re: Recommend AES Program, Please
- Next by thread: Re: Recommend AES Program, Please