"Don't write your own crypto" is good advice, but it does lead to a situation where a flaw in That One Crypto Library exposes everyone, everywhere, all at once. There's a lot to be learned from biological ecosystems here. I don't know what the optimal number of crypto implementations is, but it's not one.

Maybe we can get them to have sex and let combinatorics provide a huge moving target.

@dl “don’t write your own crypto” isn’t about writing implementations of known-good cryptographic primitives, but rather about inventing new primitives without peer review.

@ariadne @dl I feel like there should also be peer reviews for implementations of the cryptographic primitives.

I think the worst is when people extend it even further and you get "don't implement your own crypto-based protocol/format".

@lanodan @dl not needed — the specifications come with test vectors, which are designed in such a way that, if the implementation reproduces the test vectors, we can have confidence that the implementation is correct.

@ariadne @dl Yeah, I'm thinking more about flaws outside of the mathematical correctness.
Things like accidentally not clearing memory or not protecting the secret keys.

@dl but then some library mother can expect too much from her library daughter, and then her library daughter may try to encrypt all the data in the world with a crypto donut!

