On 6/29/2014 12:53 PM, Chris Cain wrote:
On Sunday, 29 June 2014 at 09:24:39 UTC, Tobias Pankrath wrote:
The best way to become one of these damned few people is getting
started though.
If "getting started" means go to college and get a doctorate for Crypto,
I agree.
If "getting started" means write some crypto libraries until you get it
right, I'm running away from this topic in horror.
The crypto algorithms are very well defined and documented. You don't
need to understand the theory behind them in order to implement them.
You just need to be able to:
- Read/follow the spec accurately
- NOT invent your own variants/algorithms
- Be pedantic about avoiding the normal sets of potential software
exploits (as you would with any software that handles sensitive data).
- Write/use sufficiently pedantic tests
- Be up-to-date on what's algos are considered outdated and questionably
secure.
This is a standard "scientist vs engineer" issue. The crypto experts are
the scientists who figured it all out. We're the engineers who take
their information and use it.
Obviously being well-versed in crypto theory *in addition* to everything
above is even better still, but it isn't essential. The five critica
above are essential.
