[Cryptography] "We need crypto code training" and other obviosities.
John-Mark Gurney
jmg at funkthat.com
Fri Oct 23 18:01:14 EDT 2015
ianG wrote this message on Fri, Oct 23, 2015 at 16:18 +0100:
> If I had to have a stab at what this means, I'd say that crypto
> programming is 90% good programming, 9% good business understanding and
> 1% crypto.
>
> Just to be flagrant, of course! What say others?
One BIG issue in crypto code is side channel attacks, and no matter
how good a programmer you are, you aren't going to code for side
channel attacks because it intentionally makes your program slower...
GCM for example will leak like a sieve if you use an 8bit lookup
table, which is the best/fastest way to implement it on modern
systems...
This aspect alone puts the crypto at minimum 10-20%. Yes, it isn't
complex, but is absolutely manditory.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cryptography
mailing list