[liberationtech] Here Come the Encryption Apps

[Maxim Kammerer]

On Sun, Mar 10, 2013 at 12:26 PM, Ralph Holz <holz at net.in.tum.de> wrote:
> But let's have data. How many tools do you know that have been written
> by people with "good basic CS education, undergrad-level course in
> cryptography, solid programming skills and some common sense" (your
> quote) - and that have been shown to be bug-free? On the other hand, how
> many tools have been developed by people who seemed to fall in those
> categories and yet have been shown to be flawed?

This is unrelated to cryptography. I doubt you will find much
difference in such data (if there is any) between e.g. writing
embedded software and writing crypto stuff. There are many amateurs
everywhere, but writing software is not a popularity contest. If you
know what you are doing, there is no reason whatsoever to need an
approval from some bored researcher, or request community feedback
because you want to produce something worthwhile while learning basic
stuff — crypto is not black art, it is just a tool. Knowing what you
are doing is still not a reason to do unnecessarily complex stuff, of
course, and Green has a point about complex protocols. E.g., I think
that OTR is unnecessarily complex, and would not use it in my projects
unless it was proven correct with something like SPIN model checker,
but suum cuique.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte