Don’t Use Low-Level Crypto Libraries
Hopefully we’re now in agreement that we shouldn’t roll our own crypto. It might seem that all we need to do is grab a low-level encryption library and start using its AES encryption and decryption functions. After all, that’s not “rolling our own crypto.”
As we’ll see in this next section, low-level encryption libraries present a lot of configuration choices that are easy to misuse. For example, many low-level cryptography libraries provide support for outdated algorithms like MD5 and 3DES. And oftentimes comparisons of libraries such as Wikipedia’s show supported algorithms in a way makes it seem as though libraries with support for more algorithms are fuller featured.[67] Low-level libraries don’t provide ...
Get Practical Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
