Dear Crypto++ gurus and users, Coles notes version of my question: Does Crypto++ support STS Station- to-Station secret key distribution? ===================================
Explanation: ============ This is my first post to the mailing list (hi!). I came here because of my dream to write a GPL-based IM privacy clone of program Simp (www.secway.fr), because Simp does not provide the following that I want: 1) open & open-source so it can be criticized if any security holes exist 2) ability to choose ciphers other than AES for free 3) increase their keysizes past 128-bits, which Simp / SimpPro will not do. 4) confidence in facts. Simp claims it supports 3DES-128. Please correct me if I'm wrong, but I don't think such a keysize exists for 3DES. And for a "security company" to claim that it does, it destorys my confidence in how secure Simp is actually coded. If my statement is correct, then this reason alone is enough to motivate me to write a free GPL clone. 5) unforgiving lack of support for *nix world, especially Mac OS X (I can't talk to my Mac friends!) Crypto++ has all the ciphers I love. The program goal is to use both asym & sym ciphers, and using authentication, send the sym. key secretly. A hybrid method of encrypting the session key with a private key will not be supported as I think the risk of private key compromise is high with people who might use the program and not take key management too seriously. Now, I am afraid I will have to "do everything by hand" if only regular DH is implemented in Crypto++ libs... and that I have to "hit the books" for about 3 years before I am qualified to do STS properly. I didn't see STS mentioned on the main page of this lib. And... to me, currently it seems STS is the best way, but perhaps better / more modern ways to accomplish the same thing have been invented? Many thanks in advance. I hope this is not too off-topic to Crypto++ discussion. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
