[cryptography] QODE(quick offline data encryption)

Kevin kevinsisco61784 at gmail.com
Wed Jan 7 14:28:14 EST 2015


On 1/7/2015 1:46 PM, shawn wilson wrote:
> On Wed, Jan 7, 2015 at 1:26 PM, Kevin <kevinsisco61784 at gmail.com> wrote:
>
>>      Any company could review it and decide if it's worth using or not.
> Ok, let's run with that - as a company, show me the steps (make file, a
> test suite in any programming language, or just English if you
> prefer), explain to me the steps one would go through to verify your
> crypto isn't batshit crazy?
>
> There have been discussions about frameworks to test crypto on this list
> and iirc a few exist but I haven't gone through the time to figure out
> how to implement something. So, if you (or anyone else) has a
> verification method, I'm all ears.
>
> And, I'm not the smartest one (on this list or even the smartest
> sysadmin) but if I don't know, I wouldn't expect at least the majority
> of other devs/admins to know how to verify your crypto past the
> simplest code review (I wouldn't have a clue how to besides fuzzing
> some stuff from the outside).
>
> Hence I say, it's a mistake to publish any toy you want to call "crypto".
Surely a company would pay top dollar to protect itself.  Oh and let's 
not rule out good sense.  If you feel in your gut that you can't trust 
something, that probably is a good instinct.  As a security nut I use 
this policy and it works for me.


-- 
Kevin

