Encryption and developers
A newsgroup poster recently stated:
I found a freeware dll, md5lib.dll, on the web and am trying to use it in Access 2003.
My reply (which has been added to for the purposes of this posting)
I would strongly urge using the CryptoAPI as specified by Microsoft. Read the documentation thoroughly on MSDN. Although MSDN can be difficult to plow through.
See Security Alert: Debian & Ubuntu Linux Weak Encryption Keys which in turn has links to a number of articles such as DSA-1571-1 openssl -- predictable random number generator
My point is that rolling your own solution or using someone else's solution without you thoroughly understanding encryption and the code can cause problems. I trust Microsoft to do a good job with their code. I would've generally trusted open source systems as there are lots of folks reviewing the code. But that didn't work in this case. I certainly would not at all trust do it yourself code or dlls found on the web.