Jump to content

  • Log In with Google      Sign In   
  • Create Account


#ActualBacterius

Posted 25 September 2013 - 12:08 AM

I also recommend *not* using the library in a serious project if you don't know how to use it. Cryptography is difficult to get right, and even if you do know what you are doing you should still use existing frameworks and protocols to achieve whatever security property you are looking for (e.g. use SSL/TLS bindings, a validated SRP implementation, and so on) instead of rolling your own. The problem is that it's very easy to think you've got it right when in reality all you've got is a gaping hole that you can't even see. I know it's tempting to just go ahead and hack away at code until it looks like it's working, but most crypto tutorials you will find on the net are utter crap and with the wealth of easily accessible knowledge and vetted implementations there is really no excuse for doing this yourself, failing, and getting your ass kicked shortly after by the PR backlash.

 

And, yes, encryption does not care about the underlying structure or semantics of the data. It works on any kind of information, in any encoding.


#1Bacterius

Posted 25 September 2013 - 12:04 AM

I also recommend *not* using the library in a serious project if you don't know how to use it. Cryptography is difficult to get right, and even if you do know what you are doing you should still use existing frameworks and protocols to achieve whatever security property you are looking for (e.g. use SSL/TLS bindings, a validated SRP implementation, and so on) instead of rolling your own. The problem is that it's very easy to think you've got it right when in reality all you've got is a gaping hole that you can't even see.

 

And, yes, encryption does not care about the underlying structure or semantics of the data. It works on any kind of information, in any encoding.


PARTNERS