
Google Goes Open Source with Crypto

By Edward F. Moltzen, CRN August 12, 2008
Google is giving the open source community a new security toolkit to play with, Keyczar, which puts Google's efforts in cryptography into the hands of developers anywhere.

Steve Weis, on Google's security blog, writes:

Cryptography is notoriously hard to get right and if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-coding keys in source code, or failing to anticipate the need for future key rotation.

Google's code addresses that "by choosing safe defaults, tagging outputs with key version information, and providing a simple application programming interface," Weis says.

Keyczar, which is a free download from Google Code, is being released under an Apache 2.0 license.

Despite being "hard to get right," Google is prepared to tackle crypto, with all of its potential for headaches. On a Keyczar discussion thread, commenter Scott Markwell raised one potentially thorny hypothetical:

What are the plans to handle migrations between (algorithm)? Say a better than brute force attack is developed for AES that makes it a significant risk? Internally are things set up to allow a replacement with a new algo that is more trusted?

Google's Weis answered that it should be difficult to migrate from one crypto algorithm to another, and if new keys are needed, developers could just push one out.

(Update: Weis emailed to say that his point was that migration should not be difficult under this crypto technology.)
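The two ideas in play here, tagging every output with key version information (Weis's description) and swapping in a new key or algorithm without breaking existing outputs (Markwell's question), fit in one small illustration. The code below is an added example written for this article, not Keyczar's own code or its wire format: it uses a simplified scheme with an assumed 4-byte version header, HMAC from the Python standard library, and assumed lifecycle names (PRIMARY signs new messages, ACTIVE keys still verify, INACTIVE keys verify nothing). Keys and messages are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Key lifecycle states (assumed names for this example).
PRIMARY, ACTIVE, INACTIVE = "primary", "active", "inactive"

# Assumed output layout: 4-byte big-endian key version, then the MAC tag.
HEADER = struct.Struct(">I")


class KeySet:
    """Versioned HMAC keys. Exactly one PRIMARY key signs new messages; ACTIVE
    keys still verify older outputs; INACTIVE keys verify nothing."""

    def __init__(self):
        self._keys = {}      # version -> [status, digest name, key bytes]
        self._primary = None

    def add_key(self, key=None, digest="sha256"):
        """Add a new ACTIVE key (random if not supplied); returns its version."""
        version = max(self._keys, default=0) + 1
        self._keys[version] = [ACTIVE, digest, key or os.urandom(32)]
        return version

    def promote(self, version):
        """Make `version` the PRIMARY key; the previous primary stays ACTIVE."""
        if self._primary is not None:
            self._keys[self._primary][0] = ACTIVE
        self._keys[version][0] = PRIMARY
        self._primary = version

    def retire(self, version):
        """Mark a non-primary key INACTIVE so its old outputs stop verifying."""
        if version == self._primary:
            raise ValueError("promote another key before retiring the primary")
        self._keys[version][0] = INACTIVE

    def sign(self, message):
        """Return header(version) || HMAC(message) under the PRIMARY key."""
        _, digest, key = self._keys[self._primary]
        tag = hmac.new(key, message, digest).digest()
        return HEADER.pack(self._primary) + tag

    def verify(self, message, signature):
        """Select the key (and digest) by the version in the header, then
        compare in constant time. Unknown or retired versions fail closed."""
        if len(signature) < HEADER.size:
            return False
        version, = HEADER.unpack_from(signature)
        entry = self._keys.get(version)
        if entry is None or entry[0] == INACTIVE:
            return False
        _, digest, key = entry
        expected = hmac.new(key, message, digest).digest()
        return hmac.compare_digest(expected, signature[HEADER.size:])


def rotation_demo():
    """Rotate to a new key with a different digest, then retire the old one.
    Returns the verification outcomes at each step."""
    ks = KeySet()
    msg = b"constructed sample message"
    v1 = ks.add_key(b"\x01" * 32, "sha256")   # constructed key bytes
    ks.promote(v1)
    sig_v1 = ks.sign(msg)

    # Migration: new key and new digest become primary; old outputs still verify
    # because the header tells verify() which key and digest produced them.
    v2 = ks.add_key(b"\x02" * 32, "sha512")
    ks.promote(v2)
    sig_v2 = ks.sign(msg)
    results = {
        "v1_after_rotation": ks.verify(msg, sig_v1),
        "v2_new_primary": ks.verify(msg, sig_v2),
        "header_selects_key": HEADER.unpack_from(sig_v2)[0] == v2,
    }

    # Once nothing depends on the old key, retire it; its outputs now fail.
    ks.retire(v1)
    results["v1_after_retire"] = ks.verify(msg, sig_v1)
    results["tampered"] = ks.verify(msg + b"x", sig_v2)
    return results


if __name__ == "__main__":
    print(rotation_demo())
```

The version header is what makes rotation painless: producers only ever use the primary key, consumers pick the key by header, and an algorithm change is just a new key entry with a different digest. Because the digest is chosen by the stored key record rather than by the message, an attacker cannot downgrade a verifier by editing the header to a version that does not exist or has been retired.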

