RE: [Algorithms] Message signature in token ring
From: Tony C. <to...@mi...> - 2003-04-16 14:32:49
>It doesn't seem to make much sense to use built-in OS encryption rather
>than a freely available or commercial 3rd party one with source, because
>
>1) You can't proof or verify code you have only in binary form,

No offense, but given that you are not a security expert, you probably couldn't prove/verify code you saw in source form. Neither could I. I mean, you could give it a general skim, but that's not really the same thing.

>2) You can't port or ensure interoperability between platforms if you have
>to rely on the encryption native to each platform,

There are implementations of standard algorithms, they should be compatible.

>3) Um, how many times a year do they find gaping security holes in
>Windows? Why would we assume that an OS cryptography layer is magically
>all that great?

They find security holes in all OSes. I will note that none of them, to my knowledge, have involved the Crypto API, probably because it's one of the most carefully reviewed pieces of code in the system.

Your comments about Windows in general also miss an important point - Windows has millions of lines of code, and is used by millions of people every day, including a very large number of malicious attackers. Games have considerably less code, a much smaller user base, and a smaller absolute number of malicious attackers. Yet games frequently have bugs. It's quite likely that the bug rate in games per line-of-code or per-user is higher than in Windows. And yet you're talking about writing brand new code in a notoriously tricky area. If you think it's going to be less error prone than the heavily used and reviewed code in the OS, then you are dreaming.

In any event, my argument was not particularly about Windows (although you seem to want to turn it into one). My point was a caution against rolling your own. If it makes you feel warm and fluffy to have the source code, then use some thoroughly peer-reviewed open source library. What you should not do is learn about this stuff for the first time by reading a couple of books, download some student's homework assignment implementation from the web, hack it about a bit, ask your buddy in the next-door office to take a quick look at it and then sit back and assume that your testers will find all the bugs.

In short: DO NOT ROLL YOUR OWN UNLESS YOU HAVE NO OPTION

Tony Cox - Development Lead, Hockey
Microsoft Game Studios - Sports