Re: OVCML Tek: A Good Solution to XML Tek Insecurity

From: Roy M. Silvernail <roy-ovc_at_rant-central_dot_com>
Date: Mon May 02 2005 - 20:38:11 CDT

Ron Crane wrote:

> On May 2, 2005, at 4:14 PM, Cameron L. Spitzer wrote:
>> It's been a long time since I had a copy of _Applied Cryptography_
>> on my desk, but it seems to me Lesson One is the only thing in a
>> cryptosystem that it makes sense to hide or make non-interoperable
>> or different is the password.
> Yes. AC is *great* background for our project (and generally), and
> should be recommended in the FAQ. For those interested, you can see
> reviews and buy it here:
> -3961751?%5Fencoding=UTF8 .

Permit me to also recommend _Practical Cryptography_ by Bruce Schneier
and Niels Ferguson. PC follows on both AC
and Schneier's _Secrets and Lies_. In the
preface to _Secrets_, Bruce writes "The error of _Applied Cryptography_
is that I didn't talk at all about the context. I talked about
cryptography as if it were The Answer(tm). I was pretty naive."

_Practical Cryptography_ discusses the design of a cryptosystem from an
engineering perspective, including the infrastructure required to make
it work. And as several posters have noted, the context of our
application is crucial. _Applied Cryptography_ is a toolbox (and a very
good and complete one). _Practical Cryptography_ is a detailed
application note. (And _Secrets and Lies_ is a good perspective on the
context issue itself.)

Cameron, you are quite correct. Assuming a well-designed cryptosystem,
the only component that needs to be kept secret is the key.

Roy M. Silvernail is, and you're not
"It's just this little chromium switch, here." - TFT
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 31 23:17:13 2005
