On Sunday, 29 June 2014 at 17:45:41 UTC, Nick Sabalausky wrote:
The crypto algorithms are very well defined and documented. You
don't need to understand the theory behind them in order to
implement them. You just need to be able to:
- Read/follow the spec accurately
- NOT invent your own variants/algorithms
- Be pedantic about avoiding the normal sets of potential
software exploits (as you would with any software that handles
sensitive data).
- Write/use sufficiently pedantic tests
- Be up-to-date on what's algos are considered outdated and
questionably secure.
This is a standard "scientist vs engineer" issue. The crypto
experts are the scientists who figured it all out. We're the
engineers who take their information and use it.
Obviously being well-versed in crypto theory *in addition* to
everything above is even better still, but it isn't essential.
The five critica above are essential.
Of course, following all of those suggestions isn't trivial to
begin with. Technically, you're right, but because what you said
isn't easy to follow to begin with, it doesn't support the
argument of "you can implement a crypto algorithm."
I've seen not-so-subtle violations of "follow the spec
accurately" and it's especially easy to do in C/C++ where
"undefined behavior" will cause the compiler to rewrite your
program in sometimes very unpredictable ways. Sure, that
situation is better in D, but the precedence is that to suggest
that any implementation of any crypto algorithm must, at minimum,
be studied and criticized by several experts in both crypto (to
verify you're logically following the spec) and experts in the
language itself (to verify that what you have typed is guaranteed
to ultimately be accurately represented in machine code).
Basically, if you have data you must have secured (the reason why
you'd use a crypto algorithm to begin with), you must go beyond a
sane level of pedantry. The only acceptable insane level of
pedantry I know of is only possible with people that have
doctorates in cryptography. :)
Plus, add what Xinok said. That's showing the level of pedantry
we're talking about with crypto where you have to cover things
like timing attacks and power analysis (or, admit that your
crypto library isn't suitable for covering those attacks).
That's not to say you shouldn't ever do it, but you really need
to truly understand what it is you're doing when you implement
any crypto. Even using crypto requires a certain (often ignored)
level of knowledge or you introduce issues.
