Practice Cryptography!

Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.

Wednesday, March 08, 2006

 
Right now, there are only a few freely-available C and C++ SSL/TLS implementations that I'm aware of... OpenSSL (and its predecessor, SSLeay), GNUTLS, and MatrixSSL. The first two provide support for client authentication as part of their free versions; the first one provides support for creation of certificates.

There is a pure Java SSL implementation available on rtfm.com; I don't use Java as a general rule so I don't know how good or efficient it is.

(This post is primarily to remind myself of things to look at and study. I'm sorry if it seems to not have much appropriateness in the larger context -- except that these implementations all are examples of current cryptographic practice. There are other implementations of cryptography -- Freenet, TOR, I2P, and a whole host of others that I'll mention later, as well as the implementations of OpenPGP, including GPG.)

But... where are they, and what assumptions do they make? And how well do they use the random numbers they get?

posted by Kyle H  # 5:02 AM
Comments: Post a Comment



<< Home

Archives

2006-02-12   2006-02-19   2006-02-26   2006-03-05   2006-03-12   2006-03-19   2006-03-26   2006-04-02   2006-04-09   2006-04-16   2006-04-23   2006-07-23   2008-01-13   2008-01-20   2008-02-03   2008-02-17   2008-03-16   2008-04-06   2008-05-11  

This page is powered by Blogger. Isn't yours?