Cryptography and D

Nick Sabalausky via Digitalmars-d digitalmars-d at puremagic.com
Sun Jun 29 22:09:51 PDT 2014


On 6/29/2014 3:25 PM, Chris Cain wrote:
> On Sunday, 29 June 2014 at 17:45:41 UTC, Nick Sabalausky wrote:
>> The crypto algorithms are very well defined and documented. You don't
>> need to understand the theory behind them in order to implement them.
>> You just need to be able to:
>>
>> - Read/follow the spec accurately
>> - NOT invent your own variants/algorithms
>> - Be pedantic about avoiding the normal sets of potential software
>> exploits (as you would with any software that handles sensitive data).
>> - Write/use sufficiently pedantic tests
>> - Be up-to-date on what algos are considered outdated and
>> questionably secure.
>>
>> This is a standard "scientist vs engineer" issue. The crypto experts
>> are the scientists who figured it all out. We're the engineers who
>> take their information and use it.
>>
>> Obviously being well-versed in crypto theory *in addition* to
>> everything above is even better still, but it isn't essential. The
>> five criteria above are essential.
>
> Of course, following all of those suggestions isn't trivial to begin
> with. Technically, you're right, but because what you said isn't easy to
> follow to begin with, it doesn't support the argument of "you can
> implement a crypto algorithm."
>[...]

Most of what you and Xinok said is certainly right. I was mainly 
objecting to the notion that having a formal background in 
cryptographic theory (or even an informal/autodidactic background in 
crypto theory, for that matter) is a particularly important part of 
implementing a crypto algorithm. (Although again, I'm not saying it 
couldn't be helpful.)

Addressing things such as the various side-channel attacks is certainly 
important for a crypto lib, and non-trivial. But they are not directly 
part of cryptographic theory, nor is their importance limited to 
cryptographic algorithms (for example, thwarting timing attacks is a 
prudent measure even when comparing password hashes which have *already* 
been computed via the crypto hash algorithm).

> any implementation of any crypto
> algorithm must, at minimum, be studied and criticized by several experts
> in both crypto (to verify you're logically following the spec) and
> experts in the language itself (to verify that what you have typed is
> guaranteed to ultimately be accurately represented in machine code).

Sure, I can buy that.

Although, naturally, the only way to get such critical analysis 
performed on an implementation is to start by creating an implementation 
in the first place :) Gotta start somewhere.

Besides, if intelligent people scare themselves away from trying, then 
the only people implementing them would be 1% super-experts and 99% 
people too unqualified to even *realize* they don't know what they're 
doing ;)

Additionally, given how widespread Heartbleed was, I think it's clear 
that having more crypto implementations in the wild is a good thing - it 
would limit the potential reach of damage from flaws in any one 
particular implementation. Diversity in the digital gene pool, so to 
speak. (Assuming they're of suitable quality, of course, but again: 
gotta start somewhere; can't analyze an implementation that doesn't exist.)

Speaking of which, it certainly wouldn't hurt to get more expert-level 
eyes on std.digest.*, including the recently added SHA-2 support.

> only possible with people that have doctorates in cryptography. :)

Not to get too pedantic (too late? ;) ), but doctorates (like other 
degrees) are merely certification. The important thing is actual 
expertise. Degrees, at their core, are nothing more than an [expensive] 
attempt to *indicate* such expertise, and are highly prone to both false 
positives and false negatives.
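The timing-attack remark above (comparing already-computed password hashes) and the quoted point about what the compiler turns your source into both come down to one routine, shown here as an added example in C; it is not code from this thread or from std.digest, and the function names and the 32-byte sample digest are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Early-exit comparison, as memcmp-style code typically does: it returns at
 * the first differing byte, so the time spent (here made visible through
 * *examined) reveals how long a prefix of the candidate matched. */
int digest_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n,
                       size_t *examined) {
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) break;
    }
    if (examined) *examined = (i < n) ? i + 1 : n;
    return i == n;
}

/* Constant-time comparison: touches every byte regardless of where the first
 * mismatch is, folding all differences into one accumulator so neither the
 * loop count nor any branch depends on the data. volatile is the usual idiom
 * for discouraging the compiler from reintroducing an early exit; it is not a
 * guarantee, which is why the emitted machine code is worth reading. */
int digest_equal_ct(const uint8_t *a, const uint8_t *b, size_t n,
                    size_t *examined) {
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    if (examined) *examined = n;
    /* Map diff == 0 to 1 and any nonzero diff to 0 without branching. */
    uint32_t d = diff;
    return (int)(1u & ((d - 1u) >> 8));
}

/* Constructed 32-byte "stored digest" (SHA-256 sized); not real hash output. */
static const uint8_t STORED[32] = {
     0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
};

/* Compare STORED against a candidate that first differs at byte k (k < 32).
 * Returns the number of bytes examined and writes the verdict to *equal:
 * the leaky count tracks k, the constant-time count is always 32. */
size_t examine(int constant_time, size_t k, int *equal) {
    uint8_t candidate[32];
    size_t examined = 0;
    for (size_t i = 0; i < 32; i++) candidate[i] = STORED[i];
    candidate[k] ^= 0xff;
    *equal = constant_time ? digest_equal_ct(STORED, candidate, 32, &examined)
                           : digest_equal_leaky(STORED, candidate, 32, &examined);
    return examined;
}
```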
