Intuition for Cryptography (azeemba.com)
52 points by todsacerdoti on Oct 11, 2023 | 10 comments



"Using somebody else's crypto library" is the shorthand path out, but it's worth bearing in mind that HOW you use the library may alter how well your product is protected, or how well it protects the data.

I like Peter Gutmann's work. I always thought he coded well. Libsodium also looks good. I know the authors behind SSLeay, which became OpenSSL, and they were people of good intent, but the sheer number of exposed interfaces in that library... it's way, way out of control.


It would be helpful to mention “signature” in the Data Integrity section. It’s not mentioned specially until later, which is a bit confusing … unless I’m confusing HMAC with the signatures related to CAs mentioned later in the article. Are they both not signatures?


HMAC is a Message Authentication Code (MAC), not a cryptographic signature.

The key difference is that anyone who can verify a MAC could also have created it, whereas with a signature only one entity could create the signature but anyone at all can verify it (the public key is public).

MACs therefore allow repudiation of the authenticated data (one party can claim that any other party with the shared key created the MAC), while signatures prevent that (only the holder of the private key could have signed).

They're related, in that they both provide message authentication and integrity, but otherwise quite different constructions.
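The distinction drawn in the comment above, as an added example that is not part of the thread or the linked article: with a MAC the verifier holds the same key as the sender and can mint a valid tag itself, while a signature is verified with public values only. The key, the messages and all function names are constructed for illustration, and the signature half is textbook RSA with toy parameters, not a scheme to deploy.

```python
import hashlib
import hmac

# --- MAC: one shared secret both creates and verifies tags ---
SHARED_KEY = b"constructed-demo-key-shared-by-alice-and-bob"

def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

# --- Signature: textbook RSA over a SHA-256 digest, TOY parameters ---
# Constructed key built from two Mersenne primes; far too small and unpadded
# for real use. It only illustrates the private/public split.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: anyone may hold this
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: signer only

def _digest_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sig_sign(d: int, n: int, msg: bytes) -> int:
    return pow(_digest_int(msg, n), d, n)

def sig_verify(e: int, n: int, msg: bytes, sig: int) -> bool:
    # Needs only the public values (e, n); D never appears here.
    return pow(sig, e, n) == _digest_int(msg, n)

def demo() -> dict:
    sent = b"pay bob 10"                 # what Alice actually sent
    claimed = b"pay bob 1000"            # Alice never sent this
    alice_tag = mac_tag(SHARED_KEY, sent)
    # Bob verifies with the shared key, so Bob can also create a tag that
    # verifies. A third party cannot tell which of them produced it.
    bob_tag = mac_tag(SHARED_KEY, claimed)
    alice_sig = sig_sign(D, N, sent)
    return {
        "mac_ok": mac_verify(SHARED_KEY, sent, alice_tag),
        "mac_bob_made_tag_ok": mac_verify(SHARED_KEY, claimed, bob_tag),
        "sig_ok": sig_verify(E, N, sent, alice_sig),
        "sig_reused_on_other_msg_ok": sig_verify(E, N, claimed, alice_sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```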


Aww, I always liked the saying "you can see penguins" but he used an astronaut.


Likely referring to the penguin image [0] that demonstrates how ECB mangles the bits but not the structure of the plaintext.

[0] https://crypto.stackexchange.com/questions/14487/can-someone...


I know most of this, but this is a nice, down to earth summary and refresher for someone like me who doesn't actually make decisions about encryption in my day to day.

I'd be curious how it reads to a layman.


Reads like a marketing piece for age. Author should have included a download link in the intro.


As the author, I am surprised to hear this.

The first time `age` is mentioned is halfway down in the article. `age` is only mentioned twice and both times as a reference to cite their usage of specific algorithms. I thought it would be more appropriate to cite algorithm choices of modern software written by security experts than me picking algorithms.

I also don't describe what `age` is and its use-cases. So I would have trouble calling that marketing.


It's kind of like if you were reading an article about cleaning furniture and halfway down it talks about the virtues of silicone waxing and then provides an example of "new improved Pledge furniture cleaner". The reader would be somewhat taken aback and might wonder if they were being marketed to.


I didn't get the same impression, but age is pretty good.

I find a lot of the PGP hate to be a little overblown, but anyone who's engaged honestly with the issues ought to be able to admit that PGP just isn't a very good tool, and age quite nicely provides an alternative to the last remaining reasons a person could have to still cling to PGP today.



