Hi, > For some reason some cryptographers seem to perpetuate the idea that > correctly using crypto is something utterly complex and should be > reserved to experts like themselves, or at least require their solemn > approval. This is not the case with cryptographers that I know (who
I find that an extreme interpretation of what cryptographers utter. But let's have data. How many tools do you know that have been written by people with "good basic CS education, undergrad-level course in cryptography, solid programming skills and some common sense" (your quote) - and that have been shown to be bug-free? On the other hand, how many tools have been developed by people who seemed to fall in those categories and yet have been shown to be flawed? What data we have seems to tell us we should be extremely careful with writing crypto. I am prepared to stand corrected here, but I would like to see some examples. All that said, I actually agree with the notion that developers and students should play around with crypto as much as they can - we are going to need new cryptographers at some point, right? What I also think, however, is that their solutions should never be put into production code before thorough review by the experienced guys. Disclaimer: I do not count myself among the latter. :) Ralph -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
