[Cryptography] "We need crypto code training" and other obviosities.
ianG
iang at iang.org
Sat Oct 24 07:08:02 EDT 2015
On 24/10/2015 07:37 am, Jean-Philippe Aumasson wrote:
>
> On Fri, Oct 23, 2015 at 9:01 PM ianG <iang at iang.org
> <mailto:iang at iang.org>> wrote:
>
> If I think of my crypto students over time, none of them were ever
> taught a formal course in crypto programming. In all cases it was like,
> here's this problem, here's some tips on implementations, go at it. My
> last student managed Salsa/ChaCha, Poly, RNG and a DH key exchange,
> building on about 1 years worth of CS with Java and no prior crypto
> experience - using papers and direction and net and sweat and tears.
> Not from "a course" athough she did return from internship and do the
> formal university crypto101 course afterwards.
>
> ...
>
> I'm not saying such a thing as a crypto programming course or whatever
> "training" means isn't needed - or wouldn't make a difference - just
> that we don't seem to have it, so I'm a bit skeptical that we got as far
> as we did if it was entirely necessary.
>
>
>
> Shameless plug: I'll give a course "crypto for developers" at the next
> Troopers, where I'll address these issues (and also basics of crypto).
For your imagined sins - perhaps you or anyone could post a topics list?
In the sense of, if we knew what a crypto programming course looked
like, we could possibly predict its impact better. Something like:
Day 1: hashes & HMACs
Day 2: symmetric ciphers
Day 3: public key crypto
Day 4: key exchange
iang
More information about the cryptography
mailing list