mikeash.com pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html commentshttp://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsmikeash.com Recent CommentsFri, 29 Mar 2024 00:22:05 GMTPyRSS2Gen-1.0.0http://blogs.law.harvard.edu/tech/rssالوليد - 2016-09-30 19:18:06http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsI managed to add SSL support to an existing application in less than a couple of hours while I didn't know at all how to use it when I started. <br />8eaa39ebc6a847ae9bf2993b672d63c5Fri, 30 Sep 2016 19:18:06 GMTmikeash - 2012-08-19 20:04:05http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsAs I said in the article, this isn't meant to be a general-purpose introduction to cryptography. If you're implementing a system that's already been designed (e.g. you know that you need encryption X with key generated by Y and initialization vector generated by Z) then you can just follow the recipe. If you're creating your own cryptosystem, then you definitely need to know the stuff that RNCryptor is doing. <br /> <br />In his readme, he links to this article, which looks really good as far as doing the right stuff for your own cryptosystem: <br /> <br /><a href="http://robnapier.net/blog/aes-commoncrypto-564">http://robnapier.net/blog/aes-commoncrypto-564</a> <br /> <br />Algorithm and mode should be pretty easy to pick: just use AES in CBC mode with PKCS7 padding. The only reason to use anything else, as far as I know, is compatibility with an existing system. For the rest, that article covers it well.2e22ed4a7ba820545ceba5d6d8610b9bSun, 19 Aug 2012 20:04:05 GMTChris - 2012-08-19 09:14:27http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsCorrection of the last sentence: When looking at their code it looks a lot more complex than your symmetric encryption sample although they/he is also using CommonCrypto.1c72f7be7abd5151f9fb2baa2507163bSun, 19 Aug 2012 09:14:27 GMTChris - 2012-08-19 09:13:00http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsThank you very much for this post - especially for the symmetric encryption sample. I investigated a bit and it seems that you can still do so many things wrong when it comes to symmetric encryption. Or at least there are many things that can and should be improved: Password stretching, secure creation of the initialisation vector, picking the correct algorithm and picking the correct mode. I stumbled over the RNCryptor framework ( <a href="https://github.com/rnapier/RNCryptor">https://github.com/rnapier/RNCryptor</a> ). What do you think about it? When looking at their code it looks a lot more complex than your symmetric encryption algorithms although they/he is also using CommonCrypto.ae546cf139412c65d2d931c1634322f8Sun, 19 Aug 2012 09:13:00 GMTDustin Voss - 2012-08-17 23:21:22http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsThey've relaxed a lot of the export restrictions. There is a handy flowchart at <a href="http://www.bis.doc.gov/encryption/question1.htm">http://www.bis.doc.gov/encryption/question1.htm</a>. <br />40df0c1a557838e219bb3884fa0ca292Fri, 17 Aug 2012 23:21:22 GMTIvan Vučica - 2012-08-16 13:33:03http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsIs there some info on which parts of CommonCrypto require submission of export compliance documents with US government? Does "use of cryptography" mean even use of hash algorithms, such as SHA-1?2a96cffd11c005dc7941aed1ac241742Thu, 16 Aug 2012 13:33:03 GMTJean-Daniel - 2012-08-11 10:29:19http://www.mikeash.com/?page=pyblog/friday-qa-2012-08-10-a-tour-of-commoncrypto.html#commentsWhile CommonCrypto does not provide TLS, I recently discovered the Secure Transport API which is incredibly easy to use on OS X. <br /> <br />I managed to add SSL support to an existing application in less than a couple of hours while I didn't know at all how to use it when I started. <br />0242ce4f82528389a8526fb49d88e56fSat, 11 Aug 2012 10:29:19 GMT