Originally posted by Ulf Dittmer:
The safety of code has nothing to do with the fact whether one is able to understand it. Especially with cryptography code I would advise NOT to write it oneself; it's very easy to get wrong and lose all safety. That's what the BouncyCastle and Cryptix libraries are for (if one wishes to avoid the Sun JCE providers).
I understand your point, and the poster should note it carefully:
Encryption Software to Avoid. I just obtained two contemporary texts on crypto, and both of them, along with Bruce Schneier, say the same thing.
Do you know of any beginner texts / tutorials on how to use any of the three libraries? I have extensive experience trying to do things with people who are not trained and I understand your point exquisitely; there are risks involved that cannot be understated. Still, with that in mind, I needed a public key / private key pair for my design and did not need a turtle shell beyond defeating attacks on a simple inventory system that I am already doing myself - in my head, without pencil and paper methods - and am stuck using non-crypto-strength locks and keys because all the code I have found so far wraps everything in AES and Certificates ... neither of which is of any use in my current design needs.
I recently wrote several thousand lines of classes during recent holidays and yet nothing on simple public key private key pair beyond obtaining a nifty signature for my emails using putty. RC4 is not unbreakable.
[ December 23, 2007: Message edited by: Nicholas Jordan ]