RE: [Algorithms] Message signature in token ring
Brought to you by:
vexxed72
Menu
▾
▴
RE: [Algorithms] Message signature in token ring
|
From: Casey M. <gd...@fu...> - 2003-04-16 06:53:13
|
> However, I would like to very strongly restate my observation that you > really really really shouldn't be doing this yourself. It's easy to get > wrong even for an expert in crypto algorithms (and, no offense, but it > doesn't sound like you are an expert). Any decent OS will provide > perfectly good implementations of these core algorithms (for example, > the Crypto API in Windows), I highly recommend you use them. It doesn't seem to make much sense to use built-in OS encryption rather than a freely available or commercial 3rd party one with source, because 1) You can't proof or verify code you have only in binary form, 2) You can't port or ensure interoperability between platforms if you have to rely on the encryption native to each platform, 3) Um, how many times a year do they find gaping security holes in Windows? Why would we assume that an OS cryptography layer is magically all that great? - Casey |
