Re: I need some feedback
Re: I need some feedback
- Subject: Re: I need some feedback
- From: Howard Shere <email@hidden>
- Date: Fri, 18 Jan 2019 17:33:21 +0000
- Thread-topic: I need some feedback
The code is currently using CommonCrypto, just looking at all my options before
I rewrite the transport (which I inherited from previous developers).
On Jan 18, 2019, at 11:30 AM, Jens Alfke
<email@hidden<mailto:email@hidden>> wrote:
CAUTION: This email originated from outside of Synchronoss.
On Jan 17, 2019, at 12:26 AM, Quinn The Eskimo!
<email@hidden<mailto:email@hidden>> wrote:
Finally, a question: Is there a reason you’re doing your own encryption rather
than using TLS? Creating your own on-the-wire crypto is very tricky, and it’s
something best left to the experts.
+1. This is fraught with peril. When working directly with ciphers it’s easy to
make mistakes in design that can render your encryption trivially breakable.
Then there’s the higher-level problem of key exchange — how do the sender &
recipient agree on a secret key before the data transfer?
If you go this route, I recommend using libSodium, an open-source
batteries-included crypto library that provides high-level mechanisms for
common tasks, instead of making you assemble them out of primitives. You get
less choice of algorithms, but you do get the assurance that the functionality
is correctly designed and implemented.
—Jens
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list
(email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Howard Shere | Software Sculptor
Desk: +1 CAL.LMO.BILE | Mobile: +1 901.359.4200
email@hidden<mailto:email@hidden>
www.synchronoss.com<http://www.synchronoss.com>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden