DIY may be okay for those who are very skilled, but the general rule is to use proven libraries and not write your own.
If you code in Java like we do, we really like the BouncyCastle library (for over a decade) and have no issue with their JCE since we do the installations and it's not a big deal to add the JCE policy files for strong encryption in our case. I am sure it can be an issue if you had to deal with users doing the installation, but that's not our case. Good luck! On Thu, Feb 7, 2013 at 2:58 PM, <[email protected]>wrote: > On Wed, Jan 30, 2013 at 12:01:24PM +0300, ianG wrote: > > So my message is: DIY crypto rocks [5]. JCE/provider crypto is so > > not the answer I've forgotten what the question is. With Java in > > particular, life is very bipolar, there is such a gulf between the > > bureaucracy of the Oracle and the anarchy of DIY that neither side > > recognises the other. > > Well, an entertaining story and reasonable if you have a single app > and crypto-programmer expert such as yourself willing to do write the > code. I certainly understand the frustration of not having any library > which conforms to one's preferred design, and have rewritten many a > library in my time, though perhaps not as many as you :-) > > Unfortunately, I have hundreds of apps to worry about, I don't trust > the average developer to write crypto code (hot glass looks just like > cold glass to an outside observer), and I don't have the time to do it > myself. > > Standardizing on custom crypto for every app of our hundreds isn't > going to scale, either; I wouldn't even have the time to review all > the code, even if it were written correctly the first time with no > instruction. > > So I suppose I'm stuck with the lesser of N evils (or perhaps the evil > of N lessers). Which of course brings me to the question of which > evil that actually is. > > And perhaps another meta question is, why are there no satisfactory > libraries? Is it a technical reason or a market-based reason, or does > everyone just have divergent tastes in how their crypto is served? > -- > http://www.subspacefield.org/~travis/ > Nil nisi clavis deest > > > > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography > >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
