[Cryptography] RSA is dead.

ianG iang at iang.org
Mon Dec 23 05:58:24 EST 2013


On 23/12/13 02:17 AM, Patrick Mylund Nielsen wrote:

> But how will we do crypto then? :)


There is an evolving sense that we can do more to help.

1.  Toolboxes are moving up the stack.  We aren't interested in 
encryption algorithms any more, we're interested in authenticated 
encryption algorithms.

2.  Competitions are delivering our best results, not committees or 
government fiat.  e.g., above, there is a competition called CAESAR for 
AE modes.

3.  If you look at DJB's design for curve25519xsalsa20poly1305 you will 
see further movement up the stack -- one way to do the whole thing.

4.  In object-oriented coding it gets even easier.  I use a concept I 
call a Cryptor which combines everything together and does both ends. 
Popular cryptors would be nice.

5.  We do need more basic cryptoplumbers.  So one of the things we can 
do is unwind the pogrom against ordinary coders doing crypto.  Knock 
yourself out, you can only hurt yourself and your customers, and the 
concept of a false sense of security has not been shown to be any more 
than another false myth amongst hundreds.

6.  Many more counterculture hints here:
http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html

7.  Learn some risk analysis.  This is how life is;  take some risks. 
Risk analysis gives you a framework for deciding how much effort to put 
into things, and also points out that security is wider than tech or 
crypto or yet another software feature.



iang
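
An added example, not part of the original post and not iang's code: a sketch of what an object that "does both ends" of authenticated public-key encryption could look like. The `Cryptor` class, its `seal`/`open` methods and the `cryptor-example-v1` label are assumptions made for illustration, and it uses X25519 with ChaCha20-Poly1305 from Node's built-in crypto module, a construction of the same shape as curve25519xsalsa20poly1305 but not that construction itself.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical "Cryptor": one object per party that holds the key pair and
// exposes only seal() and open(). Callers never pick a cipher, mode or MAC.
class Cryptor {
  constructor() {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
    this.publicKey = publicKey;      // hand this to the peer
    this._privateKey = privateKey;   // never leaves the object
  }

  // X25519 key agreement, then HKDF-SHA256 to turn the shared secret into a
  // 32-byte AEAD key. Both parties derive the same key.
  _sharedKey(peerPublicKey) {
    const secret = nodeCrypto.diffieHellman({
      privateKey: this._privateKey,
      publicKey: peerPublicKey,
    });
    const okm = nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0),
                                    'cryptor-example-v1', 32);
    return Buffer.from(okm);
  }

  // Wire format (an assumption of this example): nonce(12) || tag(16) || ciphertext.
  // Random 96-bit nonces are acceptable for a demo; a long-lived key sending
  // many messages should use a counter or an extended-nonce construction.
  seal(peerPublicKey, plaintext) {
    const nonce = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv(
      'chacha20-poly1305', this._sharedKey(peerPublicKey), nonce,
      { authTagLength: 16 });
    const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), body]);
  }

  // Throws if the message was modified or was sealed under a different key,
  // so unauthenticated plaintext is never returned to the caller.
  open(peerPublicKey, message) {
    if (message.length < 28) throw new Error('message too short');
    const decipher = nodeCrypto.createDecipheriv(
      'chacha20-poly1305', this._sharedKey(peerPublicKey),
      message.subarray(0, 12), { authTagLength: 16 });
    decipher.setAuthTag(message.subarray(12, 28));
    return Buffer.concat([decipher.update(message.subarray(28)),
                          decipher.final()]);
  }
}
```
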

