On 6/29/2014 3:25 PM, Chris Cain wrote:
> On Sunday, 29 June 2014 at 17:45:41 UTC, Nick Sabalausky wrote:
>> The crypto algorithms are very well defined and documented. You don't
>> need to understand the theory behind them in order to implement them.
>> You just need to be able to:
>>
>> - Read/follow the spec accurately
>> - NOT invent your own variants/algorithms
>> - Be pedantic about avoiding the normal sets of potential software
>> exploits (as you would with any software that handles sensitive data).
>> - Write/use sufficiently pedantic tests
>> - Be up-to-date on what algos are considered outdated and
>> questionably secure.
>>
>> This is a standard "scientist vs engineer" issue. The crypto experts
>> are the scientists who figured it all out. We're the engineers who
>> take their information and use it.
>>
>> Obviously being well-versed in crypto theory *in addition* to
>> everything above is even better still, but it isn't essential. The
>> five criteria above are essential.
>
> Of course, following all of those suggestions isn't trivial to begin
> with. Technically, you're right, but because what you said isn't easy to
> follow to begin with, it doesn't support the argument of "you can
> implement a crypto algorithm."
> [...]

Most of what you and Xinok said is certainly right. I was mainly objecting to the notion that having a formal background in cryptographic theory (or even an informal/autodidactic background in crypto theory, for that matter) is a particularly important part of implementing a crypto algorithm. (Although again, I'm not saying it couldn't be helpful.)

Addressing things such as the various side-channel attacks is certainly important for a crypto lib, and non-trivial. But they are not directly part of cryptographic theory, nor is their importance limited to cryptographic algorithms (for example, thwarting timing attacks is a prudent measure even when comparing password hashes which have *already* been computed via the crypto hash algorithm).

> any implementation of any crypto
> algorithm must, at minimum, be studied and criticized by several experts
> in both crypto (to verify you're logically following the spec) and
> experts in the language itself (to verify that what you have typed is
> guaranteed to ultimately be accurately represented in machine code).

Sure, I can buy that.

Although, naturally, the only way to get such critical analysis performed on an implementation is to start by creating an implementation in the first place :) Gotta start somewhere.

Besides, if intelligent people scare themselves away from trying, then the only people implementing them would be 1% super-experts and 99% people too unqualified to even *realize* they don't know what they're doing ;)

Additionally, given how widespread heartbleed was, I think it's clear that having more crypto implementations in the wild is a good thing - it would limit the potential reach of damage from flaws in any one particular implementation. Diversity in the digital gene pool, so to speak. (Assuming they're of suitable quality, of course, but again: gotta start somewhere, can't analyze an implementation that doesn't exist.)

Speaking of which, it certainly wouldn't hurt to get more expert-level eyes on std.digest.*, including the recently added SHA-2 support.

> only possible with people that have doctorates in cryptography. :)

Not to get too pedantic (too late? ;) ), but doctorates (like other degrees) are merely certification. The important thing is actual expertise. Degrees, at their core, are nothing more than an [expensive] attempt to *indicate* such expertise, and are highly prone to both false positives and false negatives.
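The timing-attack point made above about comparing already-computed hashes, as an added example that is not part of this post, of Chris's or Xinok's replies, or of std.digest: the early-exit comparison a naive `==`/memcmp gives you next to a constant-time replacement, written in C rather than D so the per-byte behaviour is explicit. The 32-byte "stored hash" and "candidate hash" are constructed data, and `DIGEST_LEN`, `leaky_compare`, `ct_compare` and `bytes_examined_for` are names chosen for this example; a byte counter stands in for the elapsed time an attacker would actually measure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DIGEST_LEN 32  /* e.g. the length of a SHA-256 digest (assumption for the example) */

/* Early-exit comparison (the memcmp / == pattern). It returns at the first
 * differing byte, so the work done depends on how long the common prefix
 * is. bytes_examined is instrumentation that makes the leak visible. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n,
                  size_t *bytes_examined)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *bytes_examined = i + 1;
            return 0;
        }
    }
    *bytes_examined = n;
    return 1;
}

/* Constant-time comparison: always visits all n bytes and ORs together the
 * XOR of each pair. Nothing inside the loop branches on the data, so the
 * work done is the same whether the inputs differ at byte 0, at byte 31,
 * or not at all. The only branch is on the final verdict, which the
 * caller reveals anyway. (volatile discourages the compiler from turning
 * the loop back into an early-exit compare.) */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n,
               size_t *bytes_examined)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *bytes_examined = n;
    return diff == 0;
}

/* Build two constructed DIGEST_LEN-byte buffers that differ only at diff_pos
 * (or nowhere, if diff_pos >= DIGEST_LEN), compare them with the selected
 * routine (use_ct: 1 = ct_compare, 0 = leaky_compare), store the match
 * verdict in *matched and return how many bytes the routine looked at. */
size_t bytes_examined_for(int use_ct, size_t diff_pos, int *matched)
{
    uint8_t stored[DIGEST_LEN], candidate[DIGEST_LEN];
    for (size_t i = 0; i < DIGEST_LEN; i++)
        stored[i] = candidate[i] = (uint8_t)(0xA5 ^ i);  /* constructed "hash" bytes */
    if (diff_pos < DIGEST_LEN)
        candidate[diff_pos] ^= 0x01;

    size_t examined = 0;
    *matched = use_ct ? ct_compare(stored, candidate, DIGEST_LEN, &examined)
                      : leaky_compare(stored, candidate, DIGEST_LEN, &examined);
    return examined;
}

int main(void)
{
    /* DIGEST_LEN as the position means "no difference at all". */
    const size_t positions[] = {0, 15, 31, DIGEST_LEN};
    printf("%-8s %-8s %s\n", "compare", "diff@", "bytes examined");
    for (size_t k = 0; k < sizeof positions / sizeof positions[0]; k++) {
        int m;
        size_t leaky = bytes_examined_for(0, positions[k], &m);
        size_t ct    = bytes_examined_for(1, positions[k], &m);
        printf("%-8s %-8zu %zu\n", "leaky", positions[k], leaky);
        printf("%-8s %-8zu %zu\n", "ct",    positions[k], ct);
    }
    return 0;
}
```

With `leaky_compare` the number of bytes examined grows with the length of the matching prefix (1 for a mismatch at byte 0, 32 for a mismatch at byte 31), which is exactly the signal a remote timing attack recovers one byte at a time; `ct_compare` examines all 32 bytes in every case. This example assumes both inputs have the same, fixed length; when lengths can differ, check the length separately before calling the compare, since digest lengths are public and that check leaks nothing new.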
