> From: bblisa [mailto:[email protected]] On Behalf Of Patrick Cable > > Crypto is hard. I hope you have folks reviewing your implementation, > especially if you're designing a cryptosystem to protect me from the big bad > agencies!
Block diagrams are easy. ;-) The block diagrams clearly and simply communicate the concept, which is solid. I first started giving presentations in security crowds on this topic almost 2 years ago, and we first released the code about 16 months ago, and we first put it into production a few months ago. We haven't paid for an independent security audit or anything like that, but I've gotten review from numerous crypto experts unofficially - and like I said - This whole concept is simple for anybody with a basic understand of crypto to understand. Implementation is a whole different can of worms. Which is why we didn't implement the crypto - we just use well known libraries (bouncycastle) and wrap around it. So all I have to do is take the block diagram, and where it says "asymmetric key generator," I call the bouncycastle ecdh key generator. And so on. If you look at the CBCrypt class, you'll see that it is ridiculously simple. https://github.com/rahvee/CBcrypt/blob/master/CBcrypt/CBcrypt/CBcrypt.cs _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
