Document Your Use of Cryptography

Many applications include cryptographic algorithms for numerous reasons. However, surprisingly few people can tell you why a particular algorithm was used. It's worthwhile taking the time to document why you chose the algorithms used in the code and then having someone who understands crypto look at the document to determine whether the algorithms are appropriate.

I once received an email from a developer asking whether his code should encrypt the administrator's password by using MD4 or MD5. The answer is obvious, right? Actually, no, it's not. My first response to this question was to ask why they needed to store an admin password in the first place. The next response was that MD4 and MD5 are not encryption algorithms; they are hash functions. They are cryptographic algorithms, but they do not provide secrecy as encryption algorithms do.

TIP
Document your reasons for choosing your cryptographic algorithms, and have someone who understands cryptography review your rationales for choosing the algorithms you used.
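One way to keep such a document honest is to check it against the code. The following is an added example, not code from the book: it scans C/C++ source for CryptoAPI `CALG_*` identifiers and compares them with a rationale register. The register format (`algorithm | purpose | rationale | reviewer`), the function names and the sample inputs are all assumptions constructed for illustration.

```python
import re

# CryptoAPI names algorithms with CALG_* constants, so they are easy to find.
CALG_RE = re.compile(r"\bCALG_[A-Z0-9_]+\b")
# Hash identifiers: these give a digest, never secrecy.
HASHES = {"CALG_MD2", "CALG_MD4", "CALG_MD5", "CALG_SHA", "CALG_SHA1"}

# Constructed sample source: three algorithms in use.
SAMPLE_SOURCE = """
    CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash);
    CryptDeriveKey(hProv, CALG_RC4, hHash, 0, &hKey);
    CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash2);
"""

# Constructed register (hypothetical format): algorithm | purpose | rationale | reviewer
SAMPLE_REGISTER = """
CALG_SHA1 | integrity check of config file | need a digest, not secrecy | A. Reviewer
CALG_MD5 | encrypt admin password | fast |
"""

def parse_register(text):
    """Return {algorithm: (purpose, rationale, reviewer)} from the register text."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) == 4 and CALG_RE.fullmatch(fields[0]):
            entries[fields[0]] = tuple(fields[1:])
    return entries

def audit(source, register_text):
    """Return (algorithm, problem) pairs, ordered by algorithm name."""
    register = parse_register(register_text)
    findings = []
    for alg in sorted(set(CALG_RE.findall(source))):
        if alg not in register:
            findings.append((alg, "used in code but not documented"))
            continue
        purpose, rationale, reviewer = register[alg]
        if not rationale:
            findings.append((alg, "no rationale recorded"))
        if not reviewer:
            findings.append((alg, "rationale not reviewed"))
        # The MD4/MD5 question above: a hash written up as if it encrypted.
        if alg in HASHES and "encrypt" in purpose.lower():
            findings.append((alg, "hash function documented as encryption"))
    return findings

if __name__ == "__main__":
    for alg, problem in audit(SAMPLE_SOURCE, SAMPLE_REGISTER):
        print(f"{alg}: {problem}")
```

The check only finds gaps in the paperwork; whether a documented choice is appropriate is still the reviewer's call.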



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
