[return to "Ask HN: What scientific phenomenon do you wish someone would explain better?"]
1. memset+tD 2020-04-27 00:33:30
>>qqqqqu+(OP)
Crypto and practical security. I get tired of the circular “don’t roll your own crypto unless you’re qualified”. How does one become qualified? I don’t feel like I know how to evaluate many of the arguments people make for or against technologies people argue about on HN, such as Signal or different password managers. I feel like “security through obscurity” is a bad thing, and “layers of security” are a good thing, but isn’t all security obscuring something, and how does one evaluate whether a layer is adequate? “Just use bcrypt” - okay, help me understand!
2. bencha+RW 2020-04-27 04:39:49
>>memset+tD
You should study cryptanalysis. This is why rolling your own crypto is dangerous. Not just because the result is going to be insecure, but also because it isn’t particularly educational, but it feels like it is. It is easy to convince yourself you know more than you do if you spend a lot of time playing with bad crypto systems.

Edit: I should add that even if you are an expert in cryptanalysis, you still shouldn’t just roll your own crypto. It’s the analysis of the entire community, not the credentials of the author, that makes modern cryptography so strong.
