Signs your crypto is wrong.

Here are a few signs that you might be doing crypto the wrong way:

  1. You're using a third-party library "because .NET keeps throwing exceptions".
    Explanation: .NET's cryptography routines throw exceptions when you are doing something wrong.  If you are getting exceptions, you need to figure out why.
  2. You are encrypting (or trying to encrypt) with the private key.
    Explanation: You encrypt with the public key, you decrypt with the private key.  You sign with the private key.  Yes, signing involves an encryption with the private key, but that's the only time you should encrypt with the private key - and then, you should be doing the hash and sign together.  .NET will throw an exception if you try and encrypt data with a private key.
  3. You are decrypting (or trying to decrypt) with the public key.
    Explanation: see sign number 2.  If your protocol requires you to decrypt with the public key, except as part of a signature verification step, then it is broken.
  4. You are designing your own protocol, rather than copying from someone else.
    Explanation: Cryptography is hard to get right.  Cryptography needs to be done using published and analysed methods, to know that you are getting it right.  Everything you are trying to do with cryptography has already been done.  Copy from others.
  5. You have started writing your final program before finishing reading the book.
    Explanation: Most books discuss the simple concepts first, and the subtler concepts are left for further in the book.  If you start coding before you have met some of the subtleties, you will paint yourself into a corner, or you will release a half-finished piece of crypto.
  6. You are writing SSL code, but you do not know what "close_notify" means.
    Explanation: close_notify is part of the SSL protocol spec.  Without it, you don't know if your session was interrupted by a forged closure.  It's covered in chapter eight of the book I read.  See sign 5.

I expect to have more signs later.

Published Wed, Apr 5 2006 21:19 by Alun Jones

Leave a Comment

If you can't read this number refresh your screen
Enter the numbers above: