[MUD-Dev] TECH: Securing Symetric Encryption.
Michael Sims
lists at peltast.org
Fri Jul 15 16:51:39 CEST 2005
On Thursday 14 July 2005 10:33, William Leader wrote:
> I was brainstorming about this and I was hoping someone could
> check my logic. I want to be able to secure the connection between
> a client and server using encryption.
You should get and read Bruce Schneier's book, Applied Cryptography.
(It is, somewhat surprisingly, not a hard read [just skim over the
heaviest math] and it will blow your mind.) His newer book,
Practical Cryptography, is probably just as good, but I haven't read
it.
In a nutshell, his advice (and mine) is something like this: you are
not a cryptographer. Non-cryptographers create extremely poor
encryption systems, without fail. (Cryptographers create extremely
poor encryption systems, almost without fail - there's a reason why
there are only a few dozen encryption algorithms in use worldwide.)
The *only* solution likely to be at all secure for a
non-cryptographer is to use someone else's system. Do NOT do it
yourself. I can tell from your message that you are running into
and re-solving problems that are well known in the cryptography
world and have been solved already.
You didn't provide much detail about exactly what you want to do,
but it sounds to me as if you want to download and install the
OpenSSL code and use that:
http://www.openssl.org/
Sorry if this seems harsh, but this is simply something that you
should not rebuild from scratch, even if you really want to.
Michael Sims
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list