Welcome to Orcmid's Lair, the playground for family connections, pastimes, and scholarly vocation -- the collected professional and recreational work of Dennis E. Hamilton

 

The nitty-gritty of how not to use encryption

Attacking and repairing the WinZip "Advanced Encryption" scheme.  Here's the skinny on the way software can end up using encryption in an insecure way.  Here's detailed information that is representative of the kinds of diligence it takes to incorporate an encryption system into a product or to use one that has been provided.  There are caveats around the application of almost every cryptographic technique, and one should be careful to know what they are and to safeguard against misuse of the technique.  Finally, it is important to keep asking about the threat one is attempting to mitigate and questioning how a particular security practice actually applies to that.
posted by Dennis at 5/16/2004 07:03:20 PM