Hi, Do you need to encrypt them (protect from readability) or make them tamper proof (hashing/signature?) or both? Do you need to detect corrupted messages and out of order or old messages? Do you care if there is a key in the client or server, or both?
I might have some ideas for you. I have used Crypto++ to do something similar in the past. I ended up using something like AES/CBC and MD5 or SHA to both encrypt and "sign" (encrypt a hash) timestamped credentials, for a web application. My goals were protection, tamper-proofing, small message size. It was cool in that the timestamping allowed me to avoid writing a session manager. Keep in mind, everything in SSL is there for a reason. Thanks, Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, June 26, 2006 12:25 PM To: [email protected] Subject: what algorithm to choose Hi everyone, I wonder if anyone here could point me in the right direction. My question isn't directly Crypto++ related, but I may end up using it to solve my problem. I'm not a cryptography expert. I'd like to implement a secure communication over TCP/IP or UDP between two of my applications within a local network. I got the client/server part all written and working, talking back and forth. However, I need to encrypt the contents of these messages to make them tamper-proof. Typically these are just a few bytes every few minutes. Setting up an SSL connection is not an option, so I need to encrypt them at the source level. I'm willing to read up on this, but before I choose an algorithm and implementation, can you comment on how to do this in a secure and effective way? Thanks in advance, Fafa
