general defensive crypto coding principles

Jack Lloyd lloyd at randombit.net
Sat Feb 11 13:14:29 EST 2006


On Fri, Feb 10, 2006 at 07:21:05PM +1300, Peter Gutmann wrote:

> Well, that's the exact problem that I pointed out in my previous message - in
> order to get this right, people have to read the mind of the paper author to
> divine their intent.  Since the consumers of the material in the paper
> generally won't be expert cryptographers (or even inexpert cryptographers,
> they'll be programmers), the result is a disaster waiting to happen.

I would expect that typically implementors would be following a published
standard, which would (well, one would hope) have had expert cryptographers
check it over sometime prior to publication. If your typical application
programmer is just coming up with their own crypto protocol, I personally don't
consider it to be a valid concern because they will with overwhelming odds
completely botch it in any case, and usually in a much less subtle way than
this.

(Actually offhand I can't think of a single non-cryptographer-designed crypto
protocol I've seen that wasn't fundamentally broken, often in a fairly obvious
way. I could believe there have been a few, but the odds seem very much against
it.)

-Jack

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
