Google Goes Open Source with Crypto
Steve Weis, on Google's security blog, writes:
Google's code addresses that "by choosing safe defaults, tagging outputs with key version information, and providing a simple application programming interface," Weis says.
Keyczar, which is a free download from Google Code, is being released under an Apache 2.0 license.
Although crypto is "hard to get right," Google is prepared to tackle it, with all of its potential for headaches. On a Keyczar discussion thread, commenter Scott Markwell raised one potentially thorny hypothetical:
Google's Weis answered that it should be difficult to migrate from one crypto algorithm to another, and if new keys are needed, developers could just push one out.
(Update: Weis emailed to say that his point was that migration should not be difficult under this crypto technology.)
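The key-version tagging and key rollover described above can be sketched as follows. This is an added example, not Keyczar's code, API or output format; the class `VersionedKeyset`, its methods and the 4-byte version header are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 digest size in bytes
HDR_LEN = 4   # assumed header: key version as a 4-byte big-endian integer


class VersionedKeyset:
    """Hypothetical keyset: each MAC is prefixed with the version of its key."""

    def __init__(self):
        self._keys = {}    # version -> {"key": bytes, "active": bool}
        self.primary = 0   # version used for new signatures
        self.rotate()

    def rotate(self):
        """Push out a new key and make it primary; older keys still verify."""
        self.primary += 1
        self._keys[self.primary] = {"key": secrets.token_bytes(32), "active": True}
        return self.primary

    def revoke(self, version):
        """Stop accepting output produced under a retired key version."""
        if version == self.primary:
            raise ValueError("rotate before revoking the primary key")
        self._keys[version]["active"] = False

    def _mac(self, key, header, message):
        # The header is covered by the MAC, so the version tag cannot be swapped.
        return hmac.new(key, header + message, hashlib.sha256).digest()

    def sign(self, message):
        header = self.primary.to_bytes(HDR_LEN, "big")
        return header + self._mac(self._keys[self.primary]["key"], header, message)

    def verify(self, message, signed):
        if len(signed) != HDR_LEN + TAG_LEN:
            return False
        header = signed[:HDR_LEN]
        entry = self._keys.get(int.from_bytes(header, "big"))
        if entry is None or not entry["active"]:
            return False  # unknown or revoked key version
        expected = self._mac(entry["key"], header, message)
        return hmac.compare_digest(expected, signed[HDR_LEN:])
```

Because the verifier picks the key from the tag, data signed before a rotation keeps verifying until that key version is explicitly revoked.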