
Sept. 22, 2009
9:23 p.m.
CTO <debatem1@gmail.com> wrote:
If you don't know what the application is, you don't know what's secure and what isn't. We have no way of knowing, and so should resist the temptation to guess.
"secure" is not the same as "strongly encrypted". I'm looking at providing a simple way to do encryption here, not security. Let's just focus on that, first. I think defaulting to Blowfish or AES256 would be a reasonable tack to take there. I suggested AES256 because it seems to me more likely to be widely available.
AFAIK, AES and RSA are the most commonly used algorithms in EVP. Maybe it would make more sense to take the more traditional keygen-encrypt-decrypt approach?
Sure, maybe so. What would a proposed interface look like, then?

Bill