Ben Laurie wrote: [snip discussion of bad crypto implementation practices] > Because he is steeped in the craft > knowledge around crypto. But most developers aren't. Most developers > don't even have the right mindset for secure coding, let alone correct > cryptographic coding. So, why on Earth do we expect them to follow our > unwritten rules, many of which are far from obvious even if you > understand the crypto?
Yes, there's a need for a "crypto practices FAQ" to which one can refer. In addition to individual education, it'd be helpful to have something when pointing out common mistakes. For example, I was involved recently in a discussion about MAC'ing prices returned by a shopping cart web application: http://news.ycombinator.com/item?id=477398 There's at least two gotchas here to consider: 1) The choice of MAC (i.e. why use HMAC instead of H(s||m) or H(m||s) ?) 2) replay attacks if the MAC'd item is not bound to the transaction or the rest of the web page I can point out these issues, but I don't usually have time to write fully detailed examples. Having such examples goes a long way towards increasing one's credibility in this kind of discussion. Ideally they would be from deployed applications, but that's tough. -David Molnar
Description: OpenPGP digital signature