[liberationtech] Here Come the Encryption Apps
Ralph Holz
holz at net.in.tum.de
Sun Mar 10 03:26:35 PDT 2013
Hi,
> For some reason some cryptographers seem to perpetuate the idea that
> correctly using crypto is something utterly complex and should be
> reserved to experts like themselves, or at least require their solemn
> approval. This is not the case with cryptographers that I know (who
I find that an extreme interpretation of what cryptographers utter.
But let's have data. How many tools do you know that have been written
by people with "good basic CS education, undergrad-level course in
cryptography, solid programming skills and some common sense" (your
quote) - and that have been shown to be bug-free? On the other hand, how
many tools have been developed by people who seemed to fall in those
categories and yet have been shown to be flawed?
What data we have seems to tell us we should be extremely careful with
writing crypto. I am prepared to stand corrected here, but I would like
to see some examples.
All that said, I actually agree with the notion that developers and
students should play around with crypto as much as they can - we are
going to need new cryptographers at some point, right? What I also
think, however, is that their solutions should never be put into
production code before thorough review by the experienced guys.
Disclaimer: I do not count myself among the latter. :)
Ralph
More information about the liberationtech
mailing list