auditdrivencrypto / secure-channel

secure-channel that protects all communication between two peers
MIT License
25 stars 3 forks

"(Updated) Cryptographic Right Answers" by tptacek #8

Open pfrazee opened 9 years ago

pfrazee commented 9 years ago

https://gist.github.com/tqbf/be58d2d39690c3b366ad

This is a nice file written by tptacek of matasano.com fame. Worth reading, and possibly working into the repo.

dominictarr commented 9 years ago

There are some things he says that are a bit fuddy - he may well be right, but what makes them fud is not explaining/linking why (promoting clarity). For example - he says don't port or reimplement curve25519 - okay, but what sort of mistakes can you make? I am sure the full answer is very long, but we need a pointer in the correct direction.

We need security, but we need to know we have security (not the same things!). To know we have security we need to understand and be able to reason about the properties.

For example - AES is difficult to implement securely, because the cipher has branches, it allows side-channel attacks (another program running on the same CPU can detect what it's doing from cache timing etc.), but salsa/chacha avoids this by simply never branching (all memory accesses are predictable, and thus do not reveal any information about the key).
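The "never branching, predictable memory access" property is easy to see in code. The block below is an added example, not code from the secure-channel project: it implements the ChaCha quarter round from RFC 8439 (the only operations are 32-bit add, xor and rotate by fixed amounts, so nothing branches on or indexes by secret data) and checks it against the RFC's published quarter-round test vector. It also shows the same principle applied one layer up, in the tag comparison a secure channel has to do: an early-exit compare whose running time depends on the secret, next to a compare that does the same amount of work whatever the input.

```javascript
// Added example, not code from the secure-channel project.
// 32-bit rotate left; the shift amount is always a constant in ChaCha.
function rotl32(x, n) {
  return ((x << n) | (x >>> (32 - n))) >>> 0;
}

// ChaCha quarter round (RFC 8439 section 2.1), applied in place to words
// ia, ib, ic, id of a 16-word state. Every step is add, xor or fixed rotate:
// no data-dependent branch, no data-dependent array index, so the sequence
// of memory accesses is identical for every key and nonce.
function quarterRound(s, ia, ib, ic, id) {
  let a = s[ia], b = s[ib], c = s[ic], d = s[id];
  a = (a + b) >>> 0; d = rotl32((d ^ a) >>> 0, 16);
  c = (c + d) >>> 0; b = rotl32((b ^ c) >>> 0, 12);
  a = (a + b) >>> 0; d = rotl32((d ^ a) >>> 0, 8);
  c = (c + d) >>> 0; b = rotl32((b ^ c) >>> 0, 7);
  s[ia] = a; s[ib] = b; s[ic] = c; s[id] = d;
  return s;
}

// Test vector from RFC 8439 section 2.1.1; returns the four words as hex.
function rfc8439QuarterRoundVector() {
  const s = new Uint32Array(16);
  s[0] = 0x11111111; s[1] = 0x01020304; s[2] = 0x9b8d6f43; s[3] = 0x01234567;
  quarterRound(s, 0, 1, 2, 3);
  return Array.from(s.subarray(0, 4)).map(w => w.toString(16).padStart(8, '0'));
}

// Contrast: checking an authentication tag. The naive version returns at the
// first mismatch, so its running time tells an observer how many leading
// bytes were correct. Shown only to make the difference concrete.
function naiveEqual(a, b) {
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return false; // data-dependent early exit
  }
  return true;
}

// Constant-time version: touches every byte, accumulates the differences
// with OR, and only looks at the result once at the end. Lengths are public
// for a fixed-size tag, so comparing them early leaks nothing.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff === 0;
}

// Constructed sample tags (not real MAC output) for a quick self-check.
const tagA = Uint8Array.from([0xde, 0xad, 0xbe, 0xef]);
const tagB = Uint8Array.from([0xde, 0xad, 0xbe, 0xef]);
const tagC = Uint8Array.from([0xde, 0xad, 0x00, 0xef]);

console.log(rfc8439QuarterRoundVector()); // expect ea2a92f4 cb1cf8ce 4581472e 5881c4bb
console.log(constantTimeEqual(tagA, tagB), constantTimeEqual(tagA, tagC));
```

Note that in a JavaScript engine "constant-time" is a best effort: the JIT may still introduce data-dependent behaviour, which is one reason the gist's advice is to use a vetted library rather than a fresh port.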

pfrazee commented 9 years ago

I'm digging around to find some answers about emscripten ports. Here's the only thing I've found so far: https://groups.google.com/forum/#!topic/emscripten-discuss/S_l2waYg33M