Cryptography Reference
and users should be made aware of the risks and damages incurred. But try to
get a security person to admit that vulnerabilities in their software have been
exploited.
We have only dealt with a tiny part of existing software in this chapter. I doubt
whether the evaluation of the most important programs would even fit into one
topic. But I'm sure you saw the things I wanted to make a point of.
Among the programs discussed here, SSH is probably the best in terms of
user friendliness, security, and functionality. That doesn't hurt PGP, though: it
was the first really popular cryptographic program, offered users all over the
world security across all operating systems, and even had an impact on political
affairs. It is still unprecedented in its field — the exchange of secure email.
What's missing is perhaps the most important and best free cryptography
software: OpenSSL. It can be used both as a library for C programs and in scripts
thanks to its command-line interface. The reason I mention this thoroughly
tested and very secure software only in this section is very simple: there is an
excellent book on it, namely Secure Programming Cookbook for C and C++
[ViegaMess]. Although it is a cookbook for programmers, as the title suggests,
it belongs on your bookshelf, just as does [FergSchnPract], if you want to
design on your own.
Finally, I spare you a discussion of snake-oil products. The cryptanalysis of
such programs is rather an issue that belongs to Chapters 2 and 3, i.e., historic
cryptography.