Daniel Lowe
Follow

"Don't write your own crypto" is good advice, but it does lead to a situation where a flaw in That One Crypto Library exposes everyone, everywhere, all at once. There's a lot to be learned from biological ecosystems here. I don't know what the optimal number of crypto implementations is, but it's not one.

Maybe we can get them to have sex and let combinatorics provide a huge moving target.

· · 3 · 3 · 11
Ariadne Conill

@dl “don’t write your own crypto” isn’t about writing implementations of known good cryptographic primitives but rather inventing new primitives without peer review

1
Haelwenn /элвэн/ :triskell:
@ariadne @dl I feel like there should also be peer reviews for implementations of the cryptographic primitives.

I think the worst is when people extend it even further and you get "don't implement your own crypto-based protocol/format".
1
Ariadne Conill

@lanodan @dl not needed — the specifications come with test vectors, which are designed in such a way where if the implementation reproduces the test vectors we can have confidence that the implementation is correct

1
Haelwenn /элвэн/ :triskell:
@ariadne @dl Yeah, I'm thinking more about flaws outside of the mathematical correctness.
Things like accidentally not clearing memory or not protecting the secret keys.
0
Moving to Horsepiss soon

@dl ai generated cryptos

0
Inga stands with Ukraine

@dl but then some library mother can expect too much from her library daughter, and then her library daughter may try to encrypt all the data in the world with a crypto donut!

0
Sign in to participate in the conversation
Cantos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Trending now

Resources

Developers

What is Mastodon?

cantos.social

More…

v3.5.3 · Privacy policy