RE: recommendations/evaluations of free / low-cost crypto libraries
>-Original Message- >From: [EMAIL PROTECTED] [mailto:owner->[EMAIL PROTECTED] On Behalf Of Peter Gutmann >Sent: 29 juin 2004 09:49 >To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] >Subject: RE: recommendations/evaluations of free / low-cost crypto >libraries > >"Anton Stiglic" <[EMAIL PROTECTED]> writes: > >>A list can be found here >> >>http://www.homeport.org/~adam/crypto/ > >Hmm, that list is somewhat out of date (several years in some cases). Indeed. Adam started that list in 1996, but I don't think he put allot of time updating it in recent years. Still, I think it's a good list for someone who is starting to look for crypto libraries. It would be nice gift to the community if someone came up with a similar, updated list. --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: recommendations/evaluations of free / low-cost crypto libraries
"Anton Stiglic" <[EMAIL PROTECTED]> writes: >A list can be found here > >http://www.homeport.org/~adam/crypto/ Hmm, that list is somewhat out of date (several years in some cases). Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: recommendations/evaluations of free / low-cost crypto libraries
A list can be found here http://www.homeport.org/~adam/crypto/ There are several things that you might want to consider, other than the language in which the library was written of course. You might want to consider the cryptographic algorithms that are supported, and support for standards such as various PKCS standards. For example, although JCE is a standard framework, not all JCE providers implement the same functionality. Some may allow you to create a PKCS#12 object or not, some will only let you read one. And creating a PKCS#12 object can be done in various ways, you might need to provide all of the keys that go in the PKCS#12 object at once, or you can add them incrementally (we actually changed a JCE provider because of this point). Some allow you to talk to a cryptographic hardware via PKCS#11 and some not. You also might be interested in software performance, and if operations can be accelerated by hardware you might have in hand. You might also be interested in FIPS accreditation. For example, Crypto++ and the NSS library are FIPS 140 accredited. OpenSSL is in the process of being certified (there was a discussion about that in this list around September 2003). Architecture and OS platform compatibility is another important issue. You might also be interested in the size of the compiled executable once it is statically linked with the library (some libraries do much better than others on this point). Regards, --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: recommendations/evaluations of free / low-cost crypto libraries
Amir, > I will appreciate experience-reports/evaluations/comparisons with free or > low cost (and in particular zero `per seat` cost) crypto libraries, > especially in C / C++ (or links to web-sites containing them). If I'll get > substantial useful information (off-list) I'll try to compile it and send > to the list. Important aspects include reliability, functionality, > performance, documentation, cost (for development system - no `per seat` > cost!), and licensing terms (in particular can it be used for commercial > products, and any restrictions). We've been using Peter Gutmann's cryptlib quite extensively: http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html Cheers, Stefan. 2. Deutsches Security Awareness Symposium 29.-30.06.2004 http://www.security-awareness-symposium.de/ Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail [EMAIL PROTECTED], http://www.secorvo.de/ --- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: recommendations/evaluations of free / low-cost crypto libraries
On Tue, Jun 15, 2004 at 09:17:40AM +0200, Amir Herzberg wrote: > I will appreciate experience-reports/evaluations/comparisons with free > or low cost (and in particular zero `per seat` cost) crypto libraries, > especially in C / C++ (or links to web-sites containing them). Taking "especially" to mean you may be interested in others as well, in the Java world it's impossible to go past the Legion of the Bouncy Castle (www.bouncycastle.org). Of course, unless you need to get at low-level stuff or do any other non "consumer" crypto, in Java you generally use the abstract JCE and JSSE api's and don't really care (in the programming sense) which provider is plugged in underneath. As well as the typical JCE stuff (ciphers and X.509), BC also includes OpenPGP and S/MIME. -- Dan. pgpR6jOk1B93g.pgp Description: PGP signature
Re: recommendations/evaluations of free / low-cost crypto libraries
- Original Message - From: "Amir Herzberg" <[EMAIL PROTECTED]> Subject: recommendations/evaluations of free / low-cost crypto libraries > I will appreciate experience-reports/evaluations/comparisons with free > or low cost (and in particular zero `per seat` cost) crypto libraries, > especially in C / C++ (or links to web-sites containing them). Generally the two most suggested free products are Crypto++ (http://www.eskimo.com/~weidai/cryptlib.html) and OpenSSL (http://www.openssl.org/). I have used both and both are very good toolsets, each has small advantages, but mostly it's just a programming style preference. As a personal preference, I generally preper OpenSSL for most purposes, because the interface feels better to me, but lately I've been using Crypto++ more because it supports a wider selection of algorithms (including the very important for me ECC variants) which is recently of extreme value to me. I will say that if either of these was pay-ware, I would gladly pay for it. Joe - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
recommendations/evaluations of free / low-cost crypto libraries
I will appreciate experience-reports/evaluations/comparisons with free or low cost (and in particular zero `per seat` cost) crypto libraries, especially in C / C++ (or links to web-sites containing them). If I'll get substantial useful information (off-list) I'll try to compile it and send to the list. Important aspects include reliability, functionality, performance, documentation, cost (for development system - no `per seat` cost!), and licensing terms (in particular can it be used for commercial products, and any restrictions). Thanks a lot... -- Best regards, Amir Herzberg Associate Professor, Computer Science Dept., Bar Ilan University http://amirherzberg.com (information and lectures in cryptography & security) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]