At 06:48 PM 12/18/2007 -0800, Arshad Noor wrote:
While there are many different ways to approach encryption
and decryption of sensitive data, you may want to consider
how you plan to manage the encryption keys before you go
down this path.
This is prudent. You should consider how to securely
I think you would be doing the crypto community a huge public
service by publishing the ~4 page section, Ian. Personally,
I prefer your 3-sentence disclaimer. :-)
Arshad Noor
StrongAuth, Inc.
Ian Farquhar (ifarquha) wrote:
I personally have a boilerplate risk disclosure section
which
On Wed, Dec 19, 2007 at 08:22:09AM +0100, Luis Martin wrote:
I am not sure I understood what you want but here's my suggestion.
The problem is that client code assumes that there is a fixed (constant)
relationship between the size of the output and the size of the input,
and does its own memory
On Dec 17, 2007, at 9:38 AM, [EMAIL PROTECTED]
wrote:
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for use by developers,
does anyone have any advice
While there are many different ways to approach encryption
and decryption of sensitive data, you may want to consider
how you plan to manage the encryption keys before you go
down this path.
It sounds like you are establishing the foundation of a class
library for a large financial organization.
One thing that I'm wondering is how to indicate (e.g.) the overhead in
terms of padding, or whatever, for various algorithms... or if it
matters. The old code had some really disturbing practices like
assuming that the output buffer was 16 octets bigger, and stuff like
that... scary.
I am
On Mon, Dec 17, 2007 at 10:38:59AM -0600, [EMAIL PROTECTED] wrote:
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for use by developers,
does anyone have
On Dec 17, 2007, at 17:38, [EMAIL PROTECTED]
wrote:
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for use by developers,
does anyone have any advice
| So... supposing I was going to design a crypto library for use within
| a financial organization, which mostly deals with credit card numbers
| and bank accounts, and wanted to create an API for use by developers,
| does anyone have any advice on it?
|
| It doesn't have to be terribly complete,
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for use by developers,
does anyone have any advice on it?
It doesn't have to be terribly complete, but it does
10 matches
Mail list logo