cjdelisle / CryptoSplainers

This is why nobody ever encrypts anything

CryptoSplainers #1

Open cjdelisle opened 7 years ago

cjdelisle commented 7 years ago

Or why nobody ever encrypts anything.

well actually

Whenever anyone tries to write some kind of encryption software, there's always this guy (and it is, almost always, a guy) who decides to weigh in on the situation.

He pops up and starts talking about algorithms and bits and attacks and all kinds of stuff that for most people sounds really scary.

I'm gonna let you in on a little secret: Crypto is boring. We already know how to do it, it's been boring for like 20 years and unless you're doing something massively complicated like an anonymous cryptocurrency or you just make an enormous mistake, you basically can't mess it up.

You're more likely to screw up how you communicate an error message than make a key with the wrong bits or something.

But this is not what our hero the CryptoSplainer will tell you. He's going to raise critical issues about your bits and your key derivation and AES and RSA and DSA and NSA and all kinds of theoretical attacks. He might even tell you that you're killing people in Kazakhstan.

Ironically, when people write apps with no encryption, CryptoSplainers leave them alone. So most app developers do the logical thing and avoid even the mention of any bits or ciphers.

So write all the crypto! Even if there is some kind of attack on it, it's better than plaintext. And if you feel that your anatomy is somehow, smaller, than it should have been, please please don't take it out on poor app developers. Buy a truck.

cjdelisle commented 7 years ago

first https://github.com/jes/hardbin/issues/1

co60ca commented 7 years ago

Calm down, you are going to be okay.

TETYYS commented 7 years ago

are you angry that you don't understand cryptography? i don't see the point of this repo, there is no code here

johnny-bit commented 7 years ago

Lemme 'splain it to ya. When ya doin' non-encrypted soft, cryptosplainers won't bite yer arse, 'cause ya know - no crypto. Ya know why cryptosplainers bite? Because laymen do not know there are various levels of crypto - most of 'em are NOT safe. By saying "it's encrypted" while yer encryption is weak, you are lying to laymen and putting 'em in danger, since a layman would choose "encrypted" over "non-encrypted". And crypto that's easily broken is worse than plain text, because it's WAY more interesting. Obviously someone choosing to encrypt their stuff has something to hide.

Now when you do "encryption" you should do your best and listen to people smarter than you in doing what's best, because it's not your pride that's at stake here - it's people's data.

And lemme give ya a simpler sample: 2+2*2 is 6, and if you say "8" your teacher is not an "asshole math splainer", he simply teaches you that order of operations in math is important.

ansuz commented 7 years ago

[image: homemade microwave popcorn]

adamierymenko commented 7 years ago

I wouldn't say it's easy to implement crypto, but it's also not as hard as the "never ever ever ever touch crypto" crowd claims. It's on the same level as correctly implementing Raft consensus or a video file format decoder. Hard, but not that damn hard.

You're also right that we mostly understand how to create decent crypto. You take an asymmetric key algo and do a key agreement. Then you take the resulting key and hash it just to be safe. Then you take that hashed key and use it to encrypt your message with an authenticated cipher, which can take the form of a combined auth/encrypt cipher like AES-GCM or a cipher plus a keyed message authentication code. In all cases you have to read up on the details of the algorithms you're using to make sure you are using them correctly -- e.g. if you are using Poly1305 then you can't use the key directly but have to generate a random one-off per-message key, etc.

You can go further: forward secrecy, ratchets, etc. But that's not necessary for the base case and the base case is infinitely better than no security.
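The base case described in the comment above, as an added Go example that is not part of the original thread or any commenter's code. It assumes X25519 for the key agreement, SHA-256 as the hash and AES-256-GCM as the authenticated cipher; the function names are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD: X25519 key agreement, then SHA-256 over the shared secret so it
// is never used raw, then AES-256-GCM (an authenticated cipher) under that key.
func sessionAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // errors if the result is the all-zero value
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	return cipher.NewGCM(block)
}

// seal prepends a fresh random nonce; GCM breaks if a nonce repeats under one key.
func seal(a cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return a.Seal(nonce, nonce, msg, nil)
}

// open verifies the GCM tag first; any modified byte yields an error, not plaintext.
func open(a cipher.AEAD, boxed []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(boxed) < n {
		return nil, fmt.Errorf("ciphertext shorter than nonce")
	}
	return a.Open(nil, boxed[:n], boxed[n:], nil)
}

func main() { // constructed demo: fresh keys for both sides, errors elided
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	send, _ := sessionAEAD(alice, bob.PublicKey())
	recv, _ := sessionAEAD(bob, alice.PublicKey())
	pt, err := open(recv, seal(send, []byte("hello")))
	fmt.Println(string(pt), err)
}
```

Both directions share one key here, which is acceptable only because every message gets its own random nonce.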

adamierymenko commented 7 years ago

2/2 -- "never roll your own crypto" discourages people from learning about crypto and discourages the formation of a knowledgeable programmer culture around crypto.

This discouragement is why people keep using AES-CBC with no authentication in 2017. Programmers who even talk about crypto get smacked down by the "never implement crypto" crowd, so writing crypto turns into something akin to watching porn-- something people do in secret and lie and say they don't do.

"Abstinence based" crypto education?

johnny-bit commented 7 years ago

Err... then crypto folks are being misunderstood. "never make your own crypto" does NOT mean what you say. At least for all Professors and professionals I've talked with about that. It means that you should not create your own cryptography algorithm. Or hash algorithm. In 99.99999% of cases it will be bad.

In all my dealings with cryptography and security, all I had to do was to use algos provided by libraries and use them properly. Unfortunately crypto is hard, so choosing the right algo and using it properly is another pain point, so if any of my crypto-related projects comes on GitHub, I hope that some CryptoSplainer will come along and tell me what I'm doing wrong. I've read so many articles and fixed so many things but still I'm certain that there can be a better way.

-- Regards, Hubert Kowalski

CristinaDeLisle commented 7 years ago

[image]