Crypto Craft Knowledge

David Molnar dmolnar at eecs.berkeley.edu
Sat Feb 14 15:54:29 EST 2009


Ben Laurie wrote:

[snip discussion of bad crypto implementation practices]
> Because he is steeped in the craft
> knowledge around crypto. But most developers aren't. Most developers
> don't even have the right mindset for secure coding, let alone correct
> cryptographic coding. So, why on Earth do we expect them to follow our
> unwritten rules, many of which are far from obvious even if you
> understand the crypto?

Yes, there's a need for a "crypto practices FAQ" to which one can refer.
In addition to individual education, it'd be helpful to have something
when pointing out common mistakes. For example, I was involved recently
in a discussion about MAC'ing prices returned by a shopping cart web
application:
http://news.ycombinator.com/item?id=477398

There are at least two gotchas here to consider:

1) The choice of MAC (i.e. why use HMAC instead of H(s||m) or H(m||s) ?)
2) replay attacks if the MAC'd item is not bound to the transaction or
the rest of the web page

I can point out these issues, but I don't usually have time to write
fully detailed examples. Having such examples goes a long way towards
increasing one's credibility in this kind of discussion. Ideally they
would be from deployed applications, but that's tough.

-David Molnar
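
The two gotchas listed in the message above, worked through as an added example (not part of the original post, and not code from any deployed application): a price tag computed with HMAC, first over the price alone and then bound to the transaction and item. The key, the `cart-price-v1` label, the function names and the `txn-`/`sku-` identifiers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; a real application loads this from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def encode_fields(fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def tag_price_only(price_cents):
    """Gotcha 2: the tag covers the price and nothing else."""
    return hmac.new(SERVER_KEY, encode_fields([str(price_cents)]), hashlib.sha256).hexdigest()


def tag_bound(txn_id, item_id, price_cents):
    """Gotcha 1: HMAC, not H(key || msg), which SHA-256 leaves open to length extension."""
    msg = encode_fields(["cart-price-v1", txn_id, item_id, str(price_cents)])
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_price_only(item_id, price_cents, tag):
    # item_id cannot be checked: the tag never covered it.
    return hmac.compare_digest(tag_price_only(price_cents), tag)


def verify_bound(txn_id, item_id, price_cents, tag):
    return hmac.compare_digest(tag_bound(txn_id, item_id, price_cents), tag)


def demo():
    # Constructed sample data: tags issued for a pen priced at 100 cents in txn-A.
    pen_tag_unbound = tag_price_only(100)
    pen_tag = tag_bound("txn-A", "sku-pen", 100)
    return {
        "unbound_tag_replays": verify_price_only("sku-laptop", 100, pen_tag_unbound),
        "bound_accepts_original": verify_bound("txn-A", "sku-pen", 100, pen_tag),
        "bound_rejects_other_item": verify_bound("txn-A", "sku-laptop", 100, pen_tag),
        "bound_rejects_other_txn": verify_bound("txn-B", "sku-pen", 100, pen_tag),
        "bound_rejects_new_price": verify_bound("txn-A", "sku-pen", 1, pen_tag),
    }
```

The server should take `txn_id` from its own session state when verifying, not from the submitted form, so that the binding is checked against something the client does not control.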

