zlacker

[return to "Ask HN: What scientific phenomenon do you wish someone would explain better?"]
1. memset+tD[view] [source] 2020-04-27 00:33:30
>>qqqqqu+(OP)
Crypto and practical security. I get tired of the circular “don’t roll your own crypto unless you’re qualified”. How does one become qualified? I don’t feel like I know how to evaluate many of the arguments people make for or against technologies people argue about on HN, such as Signal or different password managers. I feel like “security through obscurity” is a bad thing, and “layers of security” are a good thing, but isn’t all security obscuring something, and how does one evaluate whether a layer is adequate? “Just use bcrypt” - okay, help me understand!
◧◩
2. zorked+Ny1[view] [source] 2020-04-27 12:47:34
>>memset+tD
The proper way of interpreting the sentence about "don't roll your own crypto" is that it actually means "don't roll out your own crypto until it has been peer reviewed by many experts". At which point it kind of stops being "your own", in a way.
[go to top]