[cryptography] QODE(quick offline data encryption)

shawn wilson ag4ve.us at gmail.com
Wed Jan 7 13:46:52 EST 2015


On Wed, Jan 7, 2015 at 1:26 PM, Kevin <kevinsisco61784 at gmail.com> wrote:

>     Any company could review it and decide if it's worth using or not.

Ok, lets run with that - as a company, show me the steps (make file, a
test suite in any programming language, or just english if you
prefer), explain to me the steps one would go through to verify your
crypto isn't battshit crazy?

There have discussions about frameworks to test crypto on this list
and iirc a few exist but I haven't gone though the time to figure out
how to implement something. So, if you (or anyone else) has a
verification method, I'm all ears.

And, I'm not the smartest one (on this list or even the smartest
sysadmin) but if I don't know, I wouldn't expect at least the majority
of other devs/admins to know how to verify your crypto past the
simplest code review (I wouldn't have a clue how to besides fuzzing
some stuff from the outside).

Hence I say, it's a mistake to publish any toy you want to call "crypto".


More information about the cryptography mailing list