Re: Recommend AES Program, Please



On Jul 6, 3:04 pm, Kristian Gjøsteen <kristiag+n...@xxxxxxxxxxxx>
wrote:
Globemaker  <alanfolms...@xxxxxxxxxxxx> wrote:
I do not want "to do something it's not supposed to do". I want to get
software that lets me control the key and the mode. It is bizarre that
crypto enthusiasts fight against simple validation and basic test
vectors being successfully demonstrated.

No.  Most of us prefer fail-safe software.  If software allows users to
do something stupid, some user will do something stupid, and this being
security, he will not notice.  Such software should be discouraged.

If you are writing software and want to test your AES module, then test
the AES module, don't implement additional insecure functionality.

Not only that, but good crypto programs are open source and therefore
open to peer review. If I don't trust the AES in OpenSSL I can put
traces in the code and make sure it's doing what I think it's doing
(indeed I have done this, but not because I thought OpenSSL was broken;
I was trying to reverse engineer the sslRSA format used in old private
keys).

The guy's request is stupid. He could encrypt his articles with gpg -c
using a known password if he wants to encourage his users to a) use
crypto and b) use good crypto. But "globemaker" doesn't know squat
about cryptography [let alone enough to write a blog, sorry,
"magazine" worth reading].

Tom