Monday, July 2, 2012

Proprietary cryptography algorithms

Great article on why to be suspicious of "proprietary" crypto algorithms.

http://eecs.wsu.edu/~holder/courses/cse4317/summ01/papers/schneier.pdf
"Suppose your doctor said, “I realize we have antibiotics that are good at treating your kind of infection without harmful side effects, and that there are decades of research to support this treatment. But I’m going to give you tortillachip powder instead, because, uh, it might work.” You’d get a new doctor. Practicing medicine is difficult. The profession doesn’t rush to embrace new drugs; it takes years of testing before benefits can be proven, dosages established, and side effects cataloged. A good doctor won’t treat a bacterial infection with a medicine he just invented when proven antibiotics are available. And a smart patient wants the same drug that cured the last person, not something different. Cryptography is difficult, too."


As for implementation... there are ways to do that too.