/tech/ - Technology★

man 3 crypto

>>886787

Never mind, that's erlang man page

>>733048

#include <openssl/aes.h>

>>886795

but is it cross platform?

man 1 gpg

Don't write your own if you can avoid it.

>>886797

Is openssl cross-platform nigger?

>>886825

This. You're more than likely going to do it wrong OP, because by your admission, you don't know anything about encryption. Do you know what an Initialization vector is? If no, then use an existing tool. Revisit the matter only once you've studied crypto.

libgcrypt

and it comes with all these neat features enabled by default

Libgcrypt makes use of certain hardware features. If the use of a feature is not desired it may be either be disabled by a program or globally using a configuration file. The currently supported features are

padlock-rng
padlock-aes
padlock-sha
padlock-mmul
intel-cpu
intel-fast-shld
intel-bmi2
intel-ssse3
intel-pclmul
intel-aesni
intel-rdrand
intel-avx
intel-avx2
intel-rdtsc
arm-neon

intel-rdrand and intel-aesni are especially useful for ultrasecure crypto

>>886851

It doesn't matter how secure your library's features are, if you don't know what you're doing you can still make something insecure out of it without meaning to.

Correct crypto is hard. Don't tell people that using the right library will let them make something """ultrasecure""".

From your post I can tell you do not even know what AES is. Please do more research on what you actually want.

>>886853

>taking the bait

OP, I keep hearing this all the time with crypto.

>It's too hard.

>Don't do it.

>You don't know what you are doing.

If you don't fuck around and screw up, you aren't going to learn anything.

>>886860

>and screw up

It's hard to know if you've screwed up though. For example, if you didn't know what a timing attack was, you might not notice a screw up by using an operation which does not take constant time.

Another problem is when people create their own crypto scheme which they think is better than xyz. Without having studied cryptography it is very easy not realize how dumb what you came up with is.

>>886860

Fucking around is fine, just don't use your own code in any situation where you need security.

>>886870

Not a problem.

>>886872

If someone is programming and doesn't know about race conditions, then they still have room to learn. I am not suggesting OP to release his software publicly, and OP doesn't seem to suggest that. If he wants to learn, then I encourage that.

>>886875

Don't see why OP shouldn't use his own code if he is trying to learn.

>>886870

>it's that autistic "secure PHP cryptography" guy again

wew

>>886870

>underage channers try to write crypto

lol. Tox has always been an awful meme.

>>886885

>race conditions

At least when you are running into race conditions, you might notice your program behaving wrong. With a poor cryptographic implementation, it might be built to spec, but is vulnerable to an attack.

I would rather encourage actually learning some cryptography before trying to implement something. For example, if the OP just used AES to encrypt 16 bytes (128 bits), it would be bad. You can just do the inverse of AES to recover those 16 bytes.

>>886851

i can't use that because it's a linux lib. im writing this for windows.

>>886937

your fucked then

https://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx

enjoy this documentation about the windows crypto api.

>>886937

or actually, openssl is cross platform and so is libgcrypt

    To build libgcrypt for Microsoft Windows, you need to have the
    mingw32 cross-building toolchain installed.  Instead of running a
    plain configure you use

      ./autogen.sh --build-w32
      make
      make install

https://github.com/gpg/libgcrypt

i would just ignore the windows crypto api garbage.

>>886931

>I would rather encourage actually learning some cryptography before trying to implement something.

How do you learn without doing?

>>886955

now this is what im looking for. thanks.

i already have mingw32 gcc installed so i might be able to use this.

>>886960

Because you learn by studying the mathematics behind it.

>>886968

as far as i can tell crypto is for math wizards. i was never good at math myself and the programs i generally write only require basic math.

>>886960

Go to school, or get some textbooks and teach yourself. There isn't a good alternative if you want a compressive understanding of the subject. You can pick some stuff up by bouncing around, but you'll find that your understanding has holes in it.

>>887025

>pay the jew

you don't need any of this, all of the documentation is freely available. do not pay a dime unless you really want that piece of paper, it looks good on the resume, but as far as learning goes it's worthless.

>>887070

It's an option for people who don't have the motivation to work through the material themselves.