Stephan Neuhaus wrote:
>> Yes, there's a need for a "crypto practices FAQ" to which one can refer.
>
> I disagree because you cannot force developers to read (and understand)
> these FAQs. Instead, there is a need for APIs that are difficult to use
> in an insecure way. For example, Peter Gutmann's cryptlib makes it
> intentionally hard to get at private key material because of precisely
> this issue. Also, I believe, cryptlib does not allow RSA in anything
> but ECB mode, because doing so means the developer is seriously on the
> wrong track here.
This is a good point, and it reminds me of this presentation from Rusty Russell on "levels" of Linux kernel interfaces. See http://ozlabs.org/~rusty/ols-2003-keynote/img39.html and following.

The main issue I see is how do you force the developer to adopt your library and corresponding API? A secondary issue is what do you do if there isn't a suitable library and API yet available?

In cases where you can't (yet) provide a simple "use cryptlib" response, a crypto practices FAQ would be helpful for pointing out common problems and explaining them well. I've started a wiki in case anyone wants to hack on such a FAQ: http://www.cryptohygiene.org/

-David Molnar
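As an added illustration of the "hard to get at private key material" API style discussed above (example code written for this page, not cryptlib's or any poster's own code): a hypothetical `KeyHandle` whose public surface lets a caller use a secret key but never read it back. The Python standard library has no RSA, so an HMAC-SHA256 key stands in for the private key; the shape of the API is the point, not the primitive. `pickle_leaks_key` and `usable_after_close` are helper names made up here to probe the handle.

```python
import hashlib
import hmac
import pickle
import secrets


class KeyHandle:
    """Opaque handle for secret key material (hypothetical design, not cryptlib's API).

    Callers can only use the key through mac()/verify(); no method returns the
    raw bytes, repr() hides them, attribute assignment and pickling/copying are
    refused, and close() wipes the buffer.  Python cannot enforce this against a
    determined caller (the _key slot is still reachable), but the public surface
    offers no insecure path, which is the property the thread is asking for.
    """
    __slots__ = ("_key", "_closed")

    def __init__(self, key=None):
        # Generate inside the handle by default so the secret never has to pass
        # through caller-owned variables at all.
        if key is None:
            key = secrets.token_bytes(32)
        if len(key) < 32:
            raise ValueError("key must be at least 32 bytes")
        object.__setattr__(self, "_key", bytearray(key))
        object.__setattr__(self, "_closed", False)

    def _check_open(self):
        if self._closed:
            raise RuntimeError("KeyHandle has been closed")

    def mac(self, data):
        """Return an HMAC-SHA256 tag; the key itself never leaves the handle."""
        self._check_open()
        return hmac.new(bytes(self._key), data, hashlib.sha256).digest()

    def verify(self, data, tag):
        """Constant-time verification, so callers cannot misuse == on tags."""
        self._check_open()
        return hmac.compare_digest(self.mac(data), tag)

    def close(self):
        """Overwrite the key buffer in place and refuse further use."""
        for i in range(len(self._key)):
            self._key[i] = 0
        object.__setattr__(self, "_closed", True)

    def __repr__(self):
        return "<KeyHandle: secret material not shown>"

    def __reduce__(self):
        # Blocks pickle.dumps() and copy.copy()/deepcopy(), which would
        # otherwise serialise the raw key bytes.
        raise TypeError("KeyHandle cannot be pickled or copied")

    def __setattr__(self, name, value):
        raise AttributeError("KeyHandle attributes cannot be reassigned")


def pickle_leaks_key(handle):
    """True if the raw key can be extracted by pickling the handle."""
    try:
        blob = pickle.dumps(handle)
    except TypeError:
        return False
    return bytes(handle._key) in blob


def usable_after_close(handle):
    """True if the handle still produces tags after close()."""
    try:
        handle.mac(b"x")
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    h = KeyHandle(b"\x11" * 32)  # constructed demo key, not a real secret
    tag = h.mac(b"message")
    print(repr(h), h.verify(b"message", tag), h.verify(b"tampered", tag))
    print("pickle leaks key:", pickle_leaks_key(h))
    h.close()
    print("usable after close:", usable_after_close(h))
```

The same idea applied to the RSA remark would be a signature that takes no mode parameter at all: if the only operation the handle offers is "encrypt this one session key", there is no chaining mode for a developer to pick wrongly.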