RE: [Algorithms] Message signature in token ring

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

>PROOF... not "prove".  As in, a respectable security algorithm is going
to have been=20
>_proven_ by mutliple math professors.  But it is a good idea to _proof_
the code you are=20
>using for security.  If I was going to use something for security, I
would want to be able=20
>to inspect the source code and verify that it implements that algorithm
correctly, and that >nothing dangerous is going on.

You're not qualified to verify, prove, proof, or otherwise validate that
it implements the algorithm correctly and *securely* either.

There are other problems than the core algorithm. Libraries which have
been thoroughly reviewed by many *security experts* get these things
right (mostly). Code that is verified by Random Joe Game Programmer
stands less of a chance of getting it right.

>> There are implementations of standard algorithms, they should be=20
>> compatible.
>
>Compatible with what?  If I have a PS2 game that's supposed to talk to
a Windows server, and >I use the Windows crypto API, there's no code for
the other end - so there's nothing to be >"compatible" with.  Do you see
what I'm getting at here?  You want to have the code, so you >can port
it to any machine.  If you have to write a version for the PS2 but not
for Windows, >that's no good, because you have to do the work for PS2
anyway, and so you might as well=20
>just have used that on both platforms.

It's true that platforms like PS2 present an issue, if Sony did not
think to provide standard libraries.

>Sure, that's a fine idea.  Your suggestion was to use the code in the
OS, which I think is a >bad idea, for the reasons I mentioned, which as
far as I can see still apply 100%.

My major point was not to roll your own unless you absolutely have to.

I also pointed out that for many applications there is perfectly good OS
code available which will do the job. Clearly the PS2 is library
deficient. That doesn't invalidate the sense of using the provided
libraries on Windows if you are not deploying on PS2.

Tony Cox - Development Lead, Hockey
Microsoft Games Studios - Sports