Nick Coghlan <ncoghlan@gmail.com> wrote:
Bill Janssen wrote:
Again, I wasn't proposing to replace m2cryto or pycrypto or anything else; I was suggesting that providing easy-to-use APIs to a couple of commonly-requested crypto features, for use by non-cryptographers, wouldn't be a bad idea.
Actually, it could be a really bad idea that leads to people thinking they have secured something when they have in fact done nothing of the sort.
I don't think so. People make mistakes continually. Part of life. Making it easier to do things leads to that sort of misunderstanding. That being said, are there ways to make things more foolproof?
Having to go find a crypto library at least means a developer has put in a minimal amount of thought.
Too much, IMO. Bill