On Wed, Jan 30, 2013 at 12:01:24PM +0300, ianG wrote:
> So my message is: DIY crypto rocks [5]. JCE/provider crypto is so
> not the answer I've forgotten what the question is. With Java in
> particular, life is very bipolar, there is such a gulf between the
> bureaucracy of the Oracle and the anarchy of DIY that neither side
> recognises the other.

Well, an entertaining story and reasonable if you have a single app and crypto-programmer expert such as yourself willing to write the code. I certainly understand the frustration of not having any library which conforms to one's preferred design, and have rewritten many a library in my time, though perhaps not as many as you :-)

Unfortunately, I have hundreds of apps to worry about, I don't trust the average developer to write crypto code (hot glass looks just like cold glass to an outside observer), and I don't have the time to do it myself. Standardizing on custom crypto for every app of our hundreds isn't going to scale, either; I wouldn't even have the time to review all the code, even if it were written correctly the first time with no instruction.

So I suppose I'm stuck with the lesser of N evils (or perhaps the evil of N lessers). Which of course brings me to the question of which evil that actually is.

And perhaps another meta question is, why are there no satisfactory libraries? Is it a technical reason or a market-based reason, or does everyone just have divergent tastes in how their crypto is served?

--
http://www.subspacefield.org/~travis/
Nil nisi clavis deest
