
Ask HN: What scientific phenomenon do you wish someone would explain better?
1. memset+tD 2020-04-27 00:33:30
>>qqqqqu+(OP)
Crypto and practical security. I get tired of the circular “don’t roll your own crypto unless you’re qualified”. How does one become qualified? I don’t feel like I know how to evaluate many of the arguments people make for or against technologies people argue about on HN, such as Signal or different password managers. I feel like “security through obscurity” is a bad thing, and “layers of security” are a good thing, but isn’t all security obscuring something, and how does one evaluate whether a layer is adequate? “Just use bcrypt” - okay, help me understand!
2. himinl+7r1 2020-04-27 11:28:11
>>memset+tD
> I get tired of the circular “don’t roll your own crypto unless you’re qualified”.

It's true, but you need to realize that you're qualified enough only when you understand that you shouldn't roll out your own crypto.

In my opinion, the only person who has credibly demonstrated being able to roll his own crypto is djb (http://cr.yp.to/)

> but isn’t all security obscuring something,

Keeping a secret isn't "obscuring" something, it's hiding it entirely. Security through obscurity is bad because it relies on attackers being dumb. The smartest person in the world cannot be expected to guess a well chosen and kept secret.
