ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] On Streaming and Chunking

2015-03-27 05:38:09
from [Peter Gutmann] [Permanent Link] 
ianG <iang(_at_)iang(_dot_)org> writes:


One moving part in particular is the interface design.  It has been an
article of faith for a long time that the crypto libraries should deliver to
the application a CIPHER metaphor, and that's good enough for any programmer.
And a MAC metaphor.  And a MODE metaphor.  Which has gradually morphed into a
CIPHER/MODE/MAC metaphor.


And one with the defaults set wrong.  In Java, do a Cipher.getInstance("AES")
and you get AES in ECB mode.  To paraphrase a quote about C, "it gives you a
loaded gun and points it at your foot by default".

Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Encrypting / Signing the mail subject?, Dave Crocker
Next by Date:  Re: [openpgp] Encrypting / Signing the mail subject?, Christoph Anton Mitterer
Previous by Thread:  Re: [openpgp] On Streaming and Chunking, ianG
Next by Thread:  [openpgp] Hybrid proposal for algorithm identifiers, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]