[Cryptography] "We need crypto code training" and other obviosities.

[John-Mark Gurney]

ianG wrote this message on Fri, Oct 23, 2015 at 16:18 +0100:
> If I had to have a stab at what this means, I'd say that crypto 
> programming is 90% good programming, 9% good business understanding and 
> 1% crypto.
> 
> Just to be flagrant, of course!  What say others?

One BIG issue in crypto code is side channel attacks, and no matter
how good a programmer you are, you aren't going to code for side
channel attacks because it intentionally makes your program slower...

GCM for example will leak like a sieve if you use an 8bit lookup
table, which is the best/fastest way to implement it on modern
systems...

This aspect alone puts the crypto at minimum 10-20%.  Yes, it isn't
complex, but is absolutely manditory.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."