[Qt-interest] QCA big string encryption

Jason H scorp1us at yahoo.com
Mon Apr 25 05:37:02 CEST 2011 

I work with HIPA, which is ironically more regulated than financial data. SSL is 
fine for our purposes. TLS is slightly better, but SSLv3 and TLSv1 are 
essentially the same. And even then HIPA's requirements are achievable with 
'weak' encryption. No offense, but it is clear you don't know what is going on 
with any kind of encryption (symmetric or asymmetric) so I advise against using 
whatever you are trying to roll on your own.

And for what you need, PGP isn't needed (or GnuPG for that matter) all you need 
is OpenSSL. OpenSSL generates the keys that are imported into GPG. (Though GPG 
will use OpenSSL for key generation).

I'm not going to get into a whole crypto debate. Just use SSL for transport, (or 
TLS if you need host level authentication) and worry about encrypted storage, if 
you have to.





----- Original Message ----
From: Ross Driedger <ross at earz.ca>
To: qt-interest at qt.nokia.com
Sent: Sun, April 24, 2011 6:20:55 PM
Subject: Re: [Qt-interest] QCA big string encryption


On 24-Apr-11, at 5:52 PM, Nicholas Shatokhin wrote:

> I use SSL, but I must be sure that the system is completely safe (it  
> can
> send a very confidential data). So I'm trying to add additional  
> encryption.

No system is 'completely safe'.  It is possible that SSL's asymmetric  
algorithm could be broken tomorrow (just like any other encryption  
scheme), highly unlikely but millions of transactions worth billions  
of dollars are made every day using SSL.

As far as we can tell, security issues with SSL are more related to  
infrastructure and server security, not so much the algorithm.

If you are considering 'encrypting twice' with two different  
algorithms, that really doesn't add much.  I would suggest that you  
use the Qt implementation of secure sockets and ensure that your  
server security is solid.


-- 
"Sometimes I think the surest sign that intelligent life exists  
elsewhere in the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

Ross Driedger



_______________________________________________
Qt-interest mailing list
Qt-interest at qt.nokia.com
http://lists.qt.nokia.com/mailman/listinfo/qt-interest

More information about the Qt-interest-old mailing list