emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

From: Daiki Ueno
Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date: Wed, 05 Feb 2014 14:11:59 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) 
Lars Ingebrigtsen <address@hidden> writes:

> Encryption is, I think, especially fiddly to get right.  That is,
> there are plenty of projects that have gotten it wrong over the years.
> Using the C interfaces in the intended way would help a bit.

I don't know what exactly you mean with "encryption", but real world
use-cases of encryption are not that simple.  Even for symmetric
encryption, you will probably need to consider secret key derivation,
padding, etc.  Using the C interfaces for them in the intended way would
be fiddly to get right.

GPG implements a good set of those already, in an interoperable way.  On
the other hand, who will trust such encrypting code written by a guy
with no crypto/security background?

> That is, there are plenty of projects that have gotten it wrong over
> the years.

As far as I know, only projects that have gotten problems with EPG were
written by the same author who never try to understand the concepts of
EPG/GPG and repeatedly pushes his own fancy crypto ideas with
hypothetical use-cases.
-- 
Daiki Ueno
reply via email to
[Prev in Thread] Current Thread [Next in Thread]