Re: [GNU Crypto] Documentation

[Raif S. Naffah]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hello Marcel,

On Tue, 27 May 2003 08:28 pm, Marcel Winandy wrote:
> Hello!
>
> > the issue is effectively whether to include in the makeKey(...)
> > method implementations checks for weak keys (and eventually other
> > massaging functions required by the algorithm) and bailing out with
> > this new exception if the key material is found to be in violation
> > of certain pre-conditions; e.g. weak key.  or, do not apply those
> > checks relying instead on the user alertness for ensuring the
> > quality of the input key material.
> >
> > i'd be also interested in hearing others' opinion on the subject.
>
> The point is whether you want to provide a library with raw
> algorithms or to provide a secure cryptography library. In the former
> case it is up to the user to decide what is a weak key and how to
> treat with it. But in the latter case (and I hope that is what you
> want) the library has to assure that weak keys are rejected or at
> least the user is being warned.

the latter is indeed what i want.


> The last thing is very important because there may be users who are
> not very familiar with cryptography and possibly don't know about
> weak keys or how they defined and what consequences they will have.
>
> The whole thing is about responsibility: who shall make secure
> cryptography - the application programmer or the crypto library? I
> suggest the name of library gives us a hint to answer this
> question...
>
> Ciao,
>  Marcel

- -- 
cheers;
rsn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Que du magnifique

iD8DBQE+00Qu+e1AKnsTRiERAwbKAKDzNMElsXnoAfniLkpcmHIyRzOtigCgzeIP
6jyREO3MKJ0rG/xt1zTtXog=
=cy50
-----END PGP SIGNATURE-----