Ben Laurie <> writes:

>I totally agree, and this is the thinking behind the Keyczar project (

If we're allowed to do self-promotion I'll have to mention cryptlib, which had
as one of its principal design goals what was later stated by Ian Grigg as
"there should only be one mode and that is secure".  With cryptlib you have to
work very, very hard to do things insecurely (generally by resorting to
calling very low-level functions that the docs contain all sorts of dire
warnings about), and some things just can't be done at all, plaintext key
export being one really major sticking point that I get no end of complaints
about (if you really want the gory details you can get them at either or at 
for a newer, cleaned-up version).

This points out an awkward problem though, that if you're a commercial vendor
and you have a customer who wants to do something stupid, you can't afford not
to allow this.  While my usual response to requests to do things insecurely is
"If you want to shoot yourself in the foot then use CryptoAPI", I can only do
this because I care more about security than money.  For any commercial vendor
who has to put the money first, this isn't an option.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to