[cryptography] Call to review OWASP ESAPI crypto code

Kevin W. Wall kevin.w.wall at gmail.com
Thu Apr 8 00:32:29 EDT 2010


The Open Web Application Security Project (OWASP) is a 501(c)(3)
not-for-profit worldwide charitable organization focused on improving
the security of application software and all of OWASP's materials are
available under a free and open source software licenses.

The next release candidate of OWASP's Enterprise Security API (ESAPI)
for Java (ESAPI-2.0-rc6) has recently been released. This is the
second complete release candidate that contains the completely revamped
symmetric encryption and the first release candidate with completed user
documentation om this regard.

Before we make an official 2.0 release, we would like the completely
redesigned symmetric encryption in ESAPI to be reviewed by professional
cryptographers or security professionals with expertise in cryptography.

It shouldn't take too much time as the code-base is really fairly small--
slightly over 3900 LOC (including comments and blank lines) or approximately
1725 non-commentary source lines.

Anyhow, if you are willing to help without charge to OWASP, you can find
more details at:
    http://www.owasp.org/index.php/Request_to_review_ESAPI_2.0_crypto

Thanks in advance to those of you who can help.
-kevin--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the cryptography mailing list