Writing Secure Code
Sin 17: Unauthenticated Key Exchange Summary
- Do realize that key exchange alone is often not secure. You must authenticate the other party or parties also.
- Do use off-the-shelf solutions for session establishment, such as SSL/TLS.
- Do ensure that you read all the fine print to make sure you have strongly authenticated every party.
- Consider calling in a cryptographer if you insist on using custom solutions.
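
The example below is added here and is not from the original text. It uses Python's standard `ssl` module to show the "fine print" in practice: a TLS context still performs a key exchange when peer verification is off, and a default server-side context does not authenticate clients unless told to. The helper names (`authenticated_client_context`, `unauthenticated_client_context`, `server_context`, `authentication_gaps`) are hypothetical.

```python
import ssl


def authenticated_client_context(cafile=None):
    """Client context that authenticates the server: chain validation plus host name check."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unauthenticated_client_context():
    """Weak setting, for comparison only: the handshake still agrees on keys,
    but the client never learns who it agreed on them with."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_context(require_client_cert):
    """Server context; the library default does NOT ask clients for a certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED   # mutual TLS: the client is authenticated too
    return ctx


def authentication_gaps(ctx, role="client"):
    """List the ways this context fails to authenticate the peer at the TLS layer."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("peer certificate is not required or verified")
    # Host name matching only applies when we are the connecting side.
    if role == "client" and not ctx.check_hostname:
        gaps.append("certificate is not matched against the expected host name")
    return gaps


if __name__ == "__main__":
    for name, ctx, role in [
        ("client, defaults", authenticated_client_context(), "client"),
        ("client, verification off", unauthenticated_client_context(), "client"),
        ("server, defaults", server_context(False), "server"),
        ("server, mutual TLS", server_context(True), "server"),
    ]:
        print(name, "->", authentication_gaps(ctx, role) or "peer authenticated")
```

A server that reports a gap here is not necessarily wrong, since many services authenticate the client above TLS (for example with a password), but that decision should be deliberate rather than a side effect of defaults.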