Re: cocoa-dev digest, Vol 2 #403 - 17 msgs
Re: cocoa-dev digest, Vol 2 #403 - 17 msgs
- Subject: Re: cocoa-dev digest, Vol 2 #403 - 17 msgs
- From: Derrell Piper <email@hidden>
- Date: Wed, 27 Mar 2002 06:35:24 -0800
Alex, thanks a million for this. I am new to the subject of
encryption, which I need for an app I am working on. The learning
process for me has been stumbling and non-linear:
[...]
You might also want to check out the Carbon KeyChain API's as
they're a good place to store your encryption key (or associated
password, if its user-generated).
The three most important points to remember when using
cryptography are: 1) the algorithm is only as strong as its key;
2) random numbers are very important; 3) most random functions,
aren't.
Fortunately, OS X appears to ship with a strong random number
generator in /dev/urandom. Randomness won't be relevant if
you're only doing symmetric Blowfish, but keep it in mind. Also
note that initialization vectors (IV's) typically do not need to
be strongly random, though it never hurts to use strong random.
Okay, that's not true. Generating good random numbers is
typically an expensive operation. So if you're doing per-packet
encryption, you wouldn't want to use them where they're not
needed. However I'm guessing that's not the case here.
Blowfish also uses variable-length keys. A quick glance at said
man page says that 128-bit keys are considered acceptable for
"strong" encryption. I certainly wouldn't use anything shorter.
Derrell
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.