[cryptography] One Time Pad Cryptanalysis

ianG iang at iang.org
Sat Sep 28 07:40:44 EDT 2013


On 26/09/13 23:09 PM, Jeffrey Goldberg wrote:

> I’m suggesting that when offering advice to application developers on what sorts of systems to use, we should explicitly consider how easy it is for them to screw it up and how bad things get when they do.


They should be given something that won't screw up.  Which means it 
needs to be simple enough such that all the decisions are already made.

In my work, I've evolved into an OO pattern which I call a Cryptor.  It 
has everything built in:  creation, storage, encrypt, decrypt as 
required.  Plus heavy ouroboris testing.

The idea is modular, eg PK Cryptor is built out of an AES/CBC Cryptor 
and a HMAC Cryptor, etc.

Another example is the API provided to do curve25519xsalsa20poly1305 
(which is in C so not OO).

iang


More information about the cryptography mailing list