On Mon, 18 Nov 2013 10:27:30 +0300 ianG <i...@iang.org> wrote: > Vendors should make their encryption code public, including the > protocol specifications. This will allow others to examine the code > for vulnerabilities.
I would add to this that simpler code is better. The Underhanded C Coding Contest should serve as a warning about large codebases. There are also cases where we care more about our ability to audit the code than about the performance; email encryption, for example (the work is all done on the client side, and email already has some expected latency). In those cases, I think we should be writing code that is simple, short, and which clearly implements provably secure constructions. To that end, here is a small proof-of-concept I wrote in Python; it is an implementation of Cramer-Shoup encryption. Constructive criticism is welcome, and I apologize in advance for the sparse documentation: https://github.com/benkreuter/cca2python -- Ben
signature.asc
Description: PGP signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography