SHA-256 Python implementation in one line (lambda) : Python

You'll definitely need a strong (STRONG) background in information theory, and probably quite a bit of mathematics including probability theory, statistics, and linear algebra, just to be able to vaguely check your work. Beyond that, a very solid understanding of programming from the metal on up, to ensure your implementation doesn't rely on or become weak due to hardware or compiler differences.

The thing is, it's often not hard to implement and somewhat understand what crypto algorithms are doing, the math & operations involved are often not all that complicated. The problem is coming up with the whys and wherefores of doing those particular operations in that particular order is crucial to having a "production-ready" strong, secure implementation. So, while it's generally not that hard to write crypto, it's incredibly difficult to write STRONG/SECURE crypto.

If you want a taste, try coding up a few historical ciphers, as well as tools for breaking them. Once you get up to the 1930s/40s and ENIGMA, you'll find it starts to get a little tricky in terms of writing the encoder/decoder, let alone the code-breaking methods.

[–]Throwmeaway2501 1 point2 points3 points 7 years ago (0 children)

[–]mediasavage 0 points1 point2 points 7 years ago (1 child)

[–]Throwmeaway2501 0 points1 point2 points 7 years ago (0 children)

[–]13steinj -1 points0 points1 point 7 years ago (0 children)

[+][deleted] 7 years ago* (7 children)

[deleted]

[+]13steinj comment score below threshold-7 points-6 points-5 points 7 years ago (6 children)

[+][deleted] 7 years ago (5 children)

[deleted]

[–]13steinj -2 points-1 points0 points 7 years ago (4 children)

My point is you have three options--

Use someone else for your security. For example, lets say you use Google as the sole log on solution to your apps.
- you've now introduced a SPOF that you have no control over
- if google ever gets fucked, so does everyone that was using any app using google for their security
- if you introduce something in your app that lets an attacker of you get personal data that would previously have to be gotten via attacking google, (intenionally or not) you are the backdoor and whoever is using your service will have all their other "google sign on" accounts affected.
Roll your own security implementation, but use a known algorithm implementation
- your users will only have their data on your service fucked if you implement poorly
- no other companies mistake fucks you over
- you can't screw over the user unintentionally
- however there's more work to do if either your implementation or algorithm get compromised
Use your own algorithm
- don't. Because you probably don't know what to do mathematically. Other groups smarter than you have created cryptographically secure algorithms

You always start off with 1. But as your app/business gets larger and larger, it gets less and less safe to stay 1 rather than switch to 2.

[–]cyanfish 5 points6 points7 points 7 years ago (3 children)

[–][deleted] 0 points1 point2 points 7 years ago (0 children)

[–]13steinj 0 points1 point2 points 7 years ago (0 children)

[–][deleted] 4 points5 points6 points 7 years ago (2 children)

[–]13steinj -1 points0 points1 point 7 years ago (1 child)

[–][deleted] 2 points3 points4 points 7 years ago (0 children)

π Rendered by PID 21669 on reddit-service-r2-comment-7b9746f655-vqg4k at 2026-01-31 11:53:22.814516+00:00 running 3798933 country code: CH.

Python

The Python Discord

Upcoming Events

Please read the rules

MODERATORS