New crypto algorithms and mechanisms will be supported in cryptlib when they become generally adopted in implementations of security standards like SSL/TLS, S/MIME, SSH, and PGP. Without this general support, there’s little use for them since nothing would be able to employ them even if they were present in cryptlib. That is, any data produced using these algorithms would be unusable by any other implementation. In addition:
* Because these new mechanisms are barely supported by anything, it will be difficult ?or impossible to use them with crypto hardware such as HSMs or smartcards.
* The security benefits of using some of these new techniques is questionable. For example, standard PKCS #1 version 1.5 is secure when used properly (that is, there’s no real security benefit to using OAEP). Protocols like TLS and S/MIME simply include a note about using PKCS #1 version 1.5 securely, rather than requiring a move to OAEP or PSS.
* If you use some new mechanism, there’s a risk that you’ll be stuck with an orphaned mechanism if something else comes into fashion. SET is stuck with a version of OAEP that nothing else uses any more because of this problem.?
Last Updated on Tuesday, June 9, 2015 by Webmaster