Re: OVCML Tek: A Good Solution to XML Tek Insecurity

From: Roy M. Silvernail <roy-ovc_at_rant-central_dot_com>
Date: Mon May 02 2005 - 20:38:11 CDT

Ron Crane wrote:

> On May 2, 2005, at 4:14 PM, Cameron L. Spitzer wrote:
>
>> It's been a long time since I had a copy of _Applied Cryptography_
>> on my desk, but it seems to me Lesson One is the only thing in a
>> cryptosystem that it makes sense to hide or make non-interoperable
>> or different is the password.
>
>
> Yes. AC is *great* background for our project (and generally), and
> should be recommended in the FAQ. For those interested, you can see
> reviews and buy it here:
> http://www.amazon.com/gp/product/0471117099/102-4626758-3961751?%5Fencoding=UTF8 .

Permit me to also recommend _Practical Cryptography_ by Bruce Schneier
and Niels Ferguson (http://tinyurl.com/exv6t). PC follows on both AC
and Schneier's _Secrets and Lies_ (http://tinyurl.com/du2ap). In the
preface to _Secrets_, Bruce writes "The error of _Applied Cryptography_
is that I didn't talk at all about the context. I talked about
cryptography as if it were The Answer(tm). I was pretty naive."

_Practical Cryptography_ discusses the design of a cryptosystem from an
engineering perspective, including the infrastructure required to make
it work. And as several posters have noted, the context of our
application is crucial. _Applied Cryptography_ is a toolbox (and a very
good and complete one). _Practical Cryptography_ is a detailed
application note. (And _Secrets and Lies_ is a good perspective on the
context issue itself.)

Cameron, you are quite correct. Assuming a well-designed cryptosystem,
the only component that needs to be kept secret is the key.

-- 
Roy M. Silvernail is roy@rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Tue May 31 23:17:13 2005
