[cryptography] Design Strategies for Defending against Backdoors
brk7bx at virginia.edu
Mon Nov 18 08:01:01 EST 2013
On Mon, 18 Nov 2013 10:27:30 +0300
ianG <iang at iang.org> wrote:
> Vendors should make their encryption code public, including the
> protocol specifications. This will allow others to examine the code
> for vulnerabilities.
I would add to this that simpler code is better. The Underhanded C
Coding Contest should serve as a warning about large codebases.
There are also cases where we care more about our ability to audit the
code than about the performance; email encryption, for example (the
work is all done on the client side, and email already has some
expected latency). In those cases, I think we should be writing code
that is simple, short, and which clearly implements provably secure
constructions. To that end, here is a small proof-of-concept I wrote
in Python; it is an implementation of Cramer-Shoup encryption.
Constructive criticism is welcome, and I apologize in advance for the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the cryptography