[Discuss] KeePassX

Kent Borg kentborg at borg.org
Fri Aug 16 08:55:35 EDT 2013 

On 08/15/2013 06:35 PM, Edward Ned Harvey (blu) wrote:
> [...] That's why I only *use* cryptography and don't *create* it. I 
> read a book and took a class on how to *use* cryptography. I am 
> utterly unqualified to create ciphers and hashes. 

You make such a valuable point.

No one should think they can design good cryptographic primitives. 
(Anyone can create a cypher that s/he can't break and be fooled into 
thinking it is good, but being able to break your own cypher isn't the 
point.)  Some are much closer to being qualified, but the biggest part 
of their qualifications is a reputation that will prompt others with 
similar talent to put time and effort into critiquing their work.  Maybe 
cryptography shouldn't be designed by committee, but it really does need 
to be shot full of holes by a committee, of really smart and motivated 
people, examining it very carefully.

Less ambitions: few should think they can even implement trusted designs 
by others.  Not unless you are that really persnickety and anal and 
paranoid and skeptical and the extraordinarily rare programmer who can 
write bug-free code.  (I have met only two or three who come close.)

In most programs one little mistake will frequently not matter. That is 
how we survive with programs that have lots of bugs.  But cryptography 
is different.  One little mistake is likely to break it all.  
Cryptography needs to approach perfect.

Over the years I have spent a lot of time paying attention to 
cryptography and feel like I have reached the most basic level of 
competence: I have some hope of competently deploying cryptography that 
others have carefully designed and implemented; I have some appreciation 
of the limits of my understanding and hope I would shrink before trying 
to wield things I didn't understand.  And before deploying my work, I 
would still want to write up a careful summary of what I did, how it is 
useful, how it is not, what assumptions have been made, and the 
resulting limitations.  (Do commercial crypto products ever include such 
information?)  And then I would want someone smart to carefully look 
over my work.

I know enough to know it is easy to mess up.  Which means I know more 
than Microsoft.


-kb

More information about the Discuss mailing list