[cryptography] One Time Pad Cryptanalysis
iang at iang.org
Sat Sep 28 07:40:44 EDT 2013
On 26/09/13 23:09 PM, Jeffrey Goldberg wrote:
> I’m suggesting that when offering advice to application developers on what sorts of systems to use, we should explicitly consider how easy it is for them to screw it up and how bad things get when they do.
They should be given something that won't screw up. Which means it
needs to be simple enough such that all the decisions are already made.
In my work, I've evolved into an OO pattern which I call a Cryptor. It
has everything built in: creation, storage, encrypt, decrypt as
required. Plus heavy ouroboris testing.
The idea is modular, eg PK Cryptor is built out of an AES/CBC Cryptor
and a HMAC Cryptor, etc.
Another example is the API provided to do curve25519xsalsa20poly1305
(which is in C so not OO).
More information about the cryptography