[Gambas-user] Need to have blowfish en- and decryption

Brant Wells bwells at ...475...
Wed Jul 14 19:37:53 CEST 2004 

Hey Rob.

All encryption is meant to be cracked! ;-) ... Some form of encryption 
would actually be better than none at all, or even a low-level 
encryption.  With a new encryption method, hackers that are unware as to 
the encryption type used, would have to hunt and peck at the encrypted 
data for a while before they could make any sense of it -- especially if 
it's an un-published algorythm, or formula, etc.

And on the security note, I woudln't expect somebody to use this on like 
a top-secret government computer requiring 1024-bit encryiption, 
either...  At least not until I [we] had a chance to really test the 
encryption....  [grin]...  I do understand, and fully believe that 
security is a *REAL* issue... especially in the linux world...

I'm working on porting the blowfish to a gambas class now...  So far, I 
have about 10 lines of code...  but I will keep everyone posted as I get 
it thrown together...

See Ya!
~Brant

Rob wrote:

>On Wednesday 14 July 2004 09:09, Brant Wells wrote:
>  
>
>>functions, like the RTLMoveMemory...  But I also don't see the
>>problem with creating our own 'encryption' routines just for
>>Gambas...
>>    
>>
>
>In fact, I think rolling your own "crypto" and then releasing it 
>for general consumption by gambas users would be significantly 
>worse than the current situation where there's no crypto in 
>gambas at all.  This is because it would give gambas users who 
>might not know any better a false sense of security when using a 
>weak and untested cipher.  You might as well implement rot13 
>because at least then no one expects it to be uncrackable.
>
>I gotta think Schneier mentions this concept somewhere on his 
>site, maybe in a FAQ or something.  Implementing blowfish as a 
>Gambas component or library seems like it would be a great first 
>step towards full crypto support in gambas though (with the 
>ultimate goal being a GPG component that managed keys and 
>everything... far off in the future. ;) )
>
>Not a crypto expert here, just been exposed to a lot of security 
>pitfalls over the years at various system administrator gigs.
>
>Rob
>  
>

More information about the User mailing list