[liberationtech] An encryption project

Cooper Quintin cooper at radicaldesigns.org
Mon Jan 28 11:45:03 PST 2013 

Paul,
If you, as you say, "do not have much experience in breaking/testing
encryption or the details of modern methods", I must assume that you are
not, in fact a professional cryptographer. (That's okay! Neither am I!)
 That being the case, I must ask you to PLEASE, PLEASE, PLEASE not
implement any sort of cryptographic solution yourself. ESPECIALLY if it
is intended to be used "under  circumstances that the senders life may
depend on it being secure."
It is really easy to get crypto wrong and fairly challenging to get it
right.
Here is an entertaining article illustrating my point:
http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html

The best solution for you here is to explain the problem clearly and the
threats that are faced by your end users to someone who is very smart
about cryptography and security (preferably someone much smarter about
it than myself), and have them help you come up with an already existing
solution.

Good luck!

Cooper Quintin
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 01/28/2013 07:18 AM, Yosem Companys wrote:
> From: *Paul Christian* <phosne at gmail.com <mailto:phosne at gmail.com>>
> To: cryptography at randombit.net <mailto:cryptography at randombit.net>
> 
> Hi Folks,
>  
> I am new to the list and have in interest in encryption, but not much
> experiance in breaking/testing or a details understanding of modern methods.
>  
> I am interested in developing some technology to allow a user to
> communicate as securly as possible between a termial on an unsecure
> network and another users.
>  
> ie encrypted message from browser to user on another computer. Under
> circumstances that the senders life may depend on it being secure.
>  
> I have a few ideas in mind, but two important questions;
>  
> is it worth while? - is ssl good enough? ( it doesn't seem to be from my
> reading)
>  
> Anyone want to try and decode/break it once I have a demonstrator?
>  
> Thanks,
>  
> Paul
> 
> 
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

More information about the liberationtech mailing list