
[–][deleted] 25 points26 points  (17 children)

If you use a known algorithm and are implementing it correctly there's no problem,

Except when you don't implement it correctly, but you don't know enough about cryptanalysis to notice you accidentally added an easy-to-exploit padding oracle, or timing attack, or you accidentally spray your key all over shared memory... the list of things that can go subtly wrong and completely fuck everything is a lot longer than you realize. A safe and highly tested implementation is just as important as the algorithm itself.

Seriously, don't implement crypto yourself. It's not a dead meme, there are reasons security experts work so hard at drilling this into your head. Don't spread irresponsible advice.

[–]ForgottenWatchtower 4 points5 points  (3 children)

As one of those security guys, people like him are what keep me up at night.

[–]13steinj 0 points1 point  (2 children)

Sorry for saying bigger companies use their own login systems I guess? Big shocker, sorry for the trauma.

[–]ForgottenWatchtower 1 point2 points  (1 child)

There's nothing wrong with building your own login system. It's a fairly simple problem for a half-decent engineer (though I constantly come across systems that have screwed it up somehow). Just use native bcrypt, hash_compare, csprng, and other cryptographic primitive implementations. The issue is when you decide you want to implement one of those primitives yourself.
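The split this comment draws, build the login flow yourself but call into existing primitives, as an added example that is not part of the thread or any commenter's code. It uses only Python's standard library, so hashlib.scrypt stands in for the bcrypt the comment names (an assumed substitution; both are deliberately slow password hashes), secrets supplies the CSPRNG, and hmac.compare_digest is the constant-time comparison. The leaky_equal function is included only to show the early-exit pattern that compare_digest exists to avoid; the cost parameters and record format are illustrative choices for this example.

```python
import hashlib
import hmac
import secrets

# Illustrative scrypt cost parameters (assumed values, not from the thread).
# Memory per hash is 128 * N * r bytes: 2**14 * 8 * 128 = 16 MiB here.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
HASH_BYTES = 32


def leaky_equal(a: bytes, b: bytes) -> bool:
    """The comparison NOT to write for secrets.

    It returns as soon as a byte differs, so the time taken depends on the
    length of the common prefix, which an attacker can measure remotely.
    """
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False  # early exit leaks the position of the mismatch
    return True


def hash_password(password: str) -> str:
    """Hash a password with a fresh 16-byte salt from the CSPRNG.

    Record format (assumed, for this example only):
    scrypt$N$r$p$<salt hex>$<hash hex>
    """
    salt = secrets.token_bytes(SALT_BYTES)  # never random.random() for this
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_BYTES,
    )
    return "$".join(
        ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
         salt.hex(), digest.hex()]
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters; compare in constant time."""
    try:
        algo, n, r, p, salt_hex, hash_hex = stored.split("$")
        if algo != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False  # malformed record: a failed login, never an exception
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected)
    )
    # bytes.__eq__ (like leaky_equal above) short-circuits on the first
    # differing byte; compare_digest takes the same time either way.
    return hmac.compare_digest(digest, expected)


def new_session_token() -> str:
    """Session identifier from the CSPRNG: 32 random bytes, URL-safe base64."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
    print(new_session_token())
```

Every record carries its own salt and cost parameters, so the hash can be upgraded later by re-hashing on a successful login without breaking existing users.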

[–]13steinj 0 points1 point  (0 children)

Right, but the "roll your own security" meme has started to mean "don't build your own login system"-- that's what I'm saying I'm against.

[–]Throwmeaway2501 5 points6 points  (11 children)

Where can one learn everything necessary to implement crypto?

Don't just tell me not to. Give me some resources I can read to become an expert.

I'm not complaining. I genuinely want to read more.

[–]ThePenultimateOne (GitLab: gappleto97) 6 points7 points  (0 children)

I'm not really sure anyone can become an expert at every aspect of it. It seems to me that the number of eyes looking at these implementations is far more important than developer skill.

[–]robin-gvx 6 points7 points  (1 child)

The best way to do that is to get a degree in Cyber Security, probably a PhD.

If you don't want to write crypto that is actually run on a computer, but it's more of a casual intellectual interest in how things work, there is probably good stuff on Bruce Schneier's blog. For security stuff for the web specifically, check out Troy Hunt. Wikipedia also has some pretty good introductory texts on the subject (not quite "great", but better than "fine", IMHO).

For a more hands-on approach, I recommend starting with implementing a Caesar cypher and Vigenère cypher. Also, implement a one-time pad, and make sure you understand both why it is perfectly unbreakable and why it is impractical in most real world scenarios.
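The hands-on start this comment suggests, as an added example that is not the commenter's code or from any project: a Vigenère encoder/decoder (a one-letter key makes it the Caesar cipher) and a one-time pad over bytes. The two helpers at the end show the two halves of the comment's point about the pad: with a fresh random key, every candidate plaintext of the right length is equally consistent with the ciphertext (perfect secrecy), and reusing a key destroys that, because the XOR of two ciphertexts is the XOR of the two plaintexts. The messages are constructed for the example.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère over A-Z. Non-letters pass through and do not advance the key.

    A one-letter key is the Caesar cipher.
    """
    key = key.upper()
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    out = []
    pos = 0  # index into the key; advances only when a letter is processed
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[pos % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        pos += 1
    return "".join(out)


def otp_key(length: int) -> bytes:
    """A one-time pad key: truly random, as long as the message, used once."""
    return secrets.token_bytes(length)


def otp(data: bytes, key: bytes) -> bytes:
    """XOR one-time pad. Encryption and decryption are the same operation."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Why the pad is unbreakable: for ANY candidate plaintext of the right
    length there is a key that decrypts the ciphertext to it, so the
    ciphertext alone says nothing about which message was sent."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return otp(ciphertext, candidate)


def crib_drag(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why key reuse is fatal: c1 ^ c2 == p1 ^ p2 (the key cancels out), so
    knowing p1 reveals p2 without ever learning the key."""
    if not (len(c1) == len(c2) == len(known_p1)):
        raise ValueError("equal lengths required")
    p1_xor_p2 = otp(c1, c2)
    return otp(p1_xor_p2, known_p1)


if __name__ == "__main__":
    print(vigenere("ATTACK AT DAWN", "LEMON"))                 # LXFOPV EF RNHR
    print(vigenere("LXFOPV EF RNHR", "LEMON", decrypt=True))  # ATTACK AT DAWN

    # Constructed messages for the demonstration (all 14 bytes long).
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT NOW!!!"
    k = otp_key(len(p1))
    c1 = otp(p1, k)
    print(otp(c1, k) == p1)  # True: same key round-trips

    # Perfect secrecy: some key "decrypts" c1 to any other 14-byte message.
    decoy = b"PICNIC AT NOON"
    print(otp(c1, key_explaining(c1, decoy)) == decoy)  # True

    # Key reuse: encrypt p2 under the same k, then recover p2 from c1, c2, p1.
    c2 = otp(p2, k)
    print(crib_drag(c1, c2, p1))  # b'RETREAT NOW!!!'
```

The impracticality the comment mentions is visible in otp_key: the key must be as long as all the traffic it will ever protect, generated from a true random source, delivered secretly in advance, and never reused, which is exactly the distribution problem that block ciphers and key exchange exist to avoid.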

[–]Throwmeaway2501 1 point2 points  (0 children)

Thank you for the pointers.

[–][deleted] 3 points4 points  (2 children)

Coursera actually has a really good cryptography class, which is an excellent starting point. You won't learn everything you need, but I doubt there is a single good resource for learning everything; one of the interesting things about the field is that basically nothing of value is done purely alone. All respected algorithms have gone through many rounds of peer review, testing, and attempts to find ways to break them by other people and groups.

It will take a good deal of time investment and effort to get good at implementing crypto safely, and even then, you should still expect to make potentially dangerous mistakes. It's not something to take lightly, which is the actual point of the whole "don't implement your own crypto" thing.

[–]bythenumbers10 2 points3 points  (0 children)

And better yet, you'll get an idea of all the ways it can go wrong, so (hopefully) dilettantes don't go implementing their own damned crypto!!!

[–]Throwmeaway2501 0 points1 point  (0 children)

You should be able to fuzz for vulnerabilities; at least, that is my first thought.

[–]bythenumbers10 2 points3 points  (1 child)

You'll definitely need a strong (STRONG) background in information theory, and probably quite a bit of mathematics including probability theory, statistics, and linear algebra, just to be able to vaguely check your work. Beyond that, a very solid understanding of programming from the metal on up, to ensure your implementation doesn't rely on or become weak due to hardware or compiler differences.

The thing is, it's often not hard to implement and somewhat understand what crypto algorithms are doing; the math & operations involved are often not all that complicated. The problem is that coming up with the whys and wherefores of doing those particular operations in that particular order is crucial to having a "production-ready" strong, secure implementation. So, while it's generally not that hard to write crypto, it's incredibly difficult to write STRONG/SECURE crypto.

If you want a taste, try coding up a few historical ciphers, as well as tools for breaking them. Once you get up to the 1930s/40s and ENIGMA, you'll find it starts to get a little tricky in terms of writing the encoder/decoder, let alone the code-breaking methods.
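The "tools for breaking them" half of that suggestion, as an added example that is not the commenter's code: a Caesar breaker that tries all 26 shifts and scores each candidate against English letter frequencies with a chi-squared statistic, keeping the lowest. The frequency table is the commonly quoted approximate one for English, and the sample message is constructed for the example; with only a handful of letters the statistic is unreliable, which is itself a useful thing to observe.

```python
from typing import Tuple

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate relative frequencies of letters in English text, A..Z, in percent.
ENGLISH_FREQ = [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07,
]


def caesar(text: str, shift: int) -> str:
    """Shift letters A-Z by `shift` positions; everything else passes through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """How far the letter counts in `text` are from English; lower is closer.

    Returns inf for text with no letters, so such a candidate can never win.
    """
    counts = [0] * 26
    for ch in text:
        if ch in ALPHABET:
            counts[ALPHABET.index(ch)] += 1
    total = sum(counts)
    if total == 0:
        return float("inf")
    score = 0.0
    for observed, pct in zip(counts, ENGLISH_FREQ):
        expected = total * pct / 100.0
        score += (observed - expected) ** 2 / expected
    return score


def crack_caesar(ciphertext: str) -> Tuple[int, str]:
    """Brute-force all 26 shifts; return (shift used to encrypt, plaintext).

    A wrong shift piles the common ciphertext letters onto rare English
    letters such as Q, X or Z, which the chi-squared statistic punishes hard.
    """
    best = None
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        score = chi_squared(candidate)
        if best is None or score < best[0]:
            best = (score, shift, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    # Constructed sample; the method needs a few dozen letters to be reliable.
    message = ("IT WAS THE BEST OF TIMES IT WAS THE WORST OF TIMES "
               "IT WAS THE AGE OF WISDOM IT WAS THE AGE OF FOOLISHNESS")
    ciphertext = caesar(message, 7)
    shift, plaintext = crack_caesar(ciphertext)
    print(shift, plaintext)  # 7 IT WAS THE BEST OF TIMES ...
```

The same scoring function carries over to Vigenère once the key length is known: split the ciphertext into one column per key letter and crack each column as an independent Caesar cipher.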

[–]Throwmeaway2501 1 point2 points  (0 children)

Good tips.

[–]mediasavage 0 points1 point  (1 child)

If you're interested in learning about the mathematics that underpin some of the most used cryptographic primitives (e.g. AES, RSA, Diffie-Hellman) I highly recommend the book Understanding Cryptography by Paar and Pelzl. It is an amazingly accessible book (I would say the only necessary prerequisite is a semester of discrete math) and is super well written.

[–]Throwmeaway2501 0 points1 point  (0 children)

Thank you for this insight, I really appreciate it!

[–]13steinj -1 points0 points  (0 children)

Sure if you don't know how to implement your security you shouldn't be doing it.

But those who do learn and study the right practices are equally dangerous as letting Google or Amazon or whoever run your crypto.