[Cryptography] A "koan" about crypto

Lodewijk andré de la porte l at odewijk.nl
Sat Jun 6 22:15:10 EDT 2015


I'm very out-of-love with people suggesting not to implement cryptography.

Mostly because I've done some and done it as well as I could. Then I read some
people saying I should ESPECIALLY NOT DO WHAT I JUST DID. Then I read why,
and find I did it all correctly because I learned about what I was doing.

Afterwards, I had made a crypto-using application. In hindsight, it was
relatively easy. With better libraries (more foolproof and high-level
calls) it could have been absolute pie.

Likewise, the code implementing the cryptography itself can also be written
once given the time to learn all about how to write things securely. Things
like timing, cache, power attacks can all be explained. If more people
would go for it, more people would be explaining it, and the general
quality would improve. Perhaps there would even come some sort of framework
for validating one another's work.

Saying "don't implement for you will fail" is just putting the F into FUD,
and keeping everyone crypto-dumb.