Cryptography and D
Xinok via Digitalmars-d
digitalmars-d at puremagic.com
Sun Jun 29 11:47:54 PDT 2014
On Sunday, 29 June 2014 at 17:45:41 UTC, Nick Sabalausky wrote:
> The crypto algorithms are very well defined and documented. You
> don't need to understand the theory behind them in order to
> implement them. You just need to be able to:
>
> - Read/follow the spec accurately
> - NOT invent your own variants/algorithms
> - Be pedantic about avoiding the normal sets of potential
> software exploits (as you would with any software that handles
> sensitive data).
> - Write/use sufficiently pedantic tests
> - Be up-to-date on what's algos are considered outdated and
> questionably secure.
>
> This is a standard "scientist vs engineer" issue. The crypto
> experts are the scientists who figured it all out. We're the
> engineers who take their information and use it.
>
> Obviously being well-versed in crypto theory *in addition* to
> everything above is even better still, but it isn't essential.
> The five critica above are essential.
There's so much more to securely implementing cryptography than
what you listed. I highly recommend reading about side-channel
attacks:
https://en.wikipedia.org/wiki/Side-channel_attack
https://www.schneier.com/crypto-gram-9806.html#side
Proper cryptographic libraries are written in such a way to
mitigate these types of attacks. It's a complex field of study
and something best left to the experts.
More information about the Digitalmars-d
mailing list