> Because he is steeped in the craft
> knowledge around crypto. But most developers aren't. Most developers
> don't even have the right mindset for secure coding, let alone correct
> cryptographic coding. So, why on Earth do we expect them to follow our
> unwritten rules, many of which are far from obvious even if you
> understand the crypto?

Yes, there's a need for a "crypto practices FAQ" to which one can refer.
In addition to individual education, it'd be helpful to have something
when pointing out common mistakes. For example, I was involved recently
in a discussion about MAC'ing prices returned by a shopping cart web

There are at least two gotchas here to consider:

1) The choice of MAC (i.e. why use HMAC instead of H(s||m) or H(m||s)?)
2) replay attacks if the MAC'd item is not bound to the transaction or
the rest of the web page

I can point out these issues, but I don't usually have time to write
fully detailed examples. Having such examples goes a long way towards
increasing one's credibility in this kind of discussion. Ideally they
would be from deployed applications, but that's tough.

-David Molnar
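An added illustration of the two gotchas above, not part of David's mail or of any deployed shopping cart: HMAC-SHA256 over a price that is bound to its item and order, beside the unbound form that a tag could be replayed against. The key, field encoding, and the SKU/order identifiers are constructed for the example.

```python
import hashlib
import hmac

# Constructed example key; a real deployment loads it from a secret store.
KEY = b"example-server-side-mac-key"


def _encode(*fields: str) -> bytes:
    """Length-prefix each field so distinct (price, item, order) tuples can
    never serialise to the same byte string (no ambiguous concatenation)."""
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def mac_price_unbound(price_cents: int, key: bytes = KEY) -> str:
    """Gotcha 2: HMAC over the price alone. The tag says nothing about which
    item or order it belongs to, so once issued it verifies anywhere."""
    return hmac.new(key, _encode(str(price_cents)), hashlib.sha256).hexdigest()


def mac_price(price_cents: int, item_id: str, order_id: str, key: bytes = KEY) -> str:
    """Gotcha 1 and 2 addressed: HMAC-SHA256 (rather than H(s||m) or H(m||s))
    over the price *and* its context. A tag minted for one line of one
    order does not verify for another item or another order."""
    msg = _encode(str(price_cents), item_id, order_id)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_price(price_cents: int, item_id: str, order_id: str,
                 tag: str, key: bytes = KEY) -> bool:
    """Recompute the bound tag and compare in constant time."""
    expected = mac_price(price_cents, item_id, order_id, key)
    return hmac.compare_digest(expected, tag)


def verify_price_unbound(price_cents: int, tag: str, key: bytes = KEY) -> bool:
    return hmac.compare_digest(mac_price_unbound(price_cents, key), tag)


if __name__ == "__main__":
    tag = mac_price(1999, "sku-42", "order-1")
    print(verify_price(1999, "sku-42", "order-1", tag))  # True
    print(verify_price(1999, "sku-42", "order-2", tag))  # False: different order
    print(verify_price(199, "sku-42", "order-1", tag))   # False: price changed
    loose = mac_price_unbound(1999)
    print(verify_price_unbound(1999, loose))             # True for any order
```

The unbound tag is accepted regardless of which order presents it, which is exactly the replay problem the second gotcha describes; the bound tag fails as soon as the order, item or price differs.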

