Slashdot Mirror
The Crypto Gardening Guide and Planting Tips
ncostigan writes "Peter Gutmann of cryptlib fame has written a very readable paper on real-world constraints for cryptographers, and points out problems that their designs will run into when attempts are made
to deploy them. Also included is a motivational list of extremely uncool problems that implementors have been building ad-hoc solutions for since no
formal ones exist."
Well - actually, I only laughed - over this passage
(Note: If you're in the media or telecoms industry this becomes "Get there
first with something patented, proprietary, and broken, then send lawyers
after anyone who points out problems", but this is a special case).
Heh! What a wag!
A little planning goes a long way...
If you're reading about crypto, and you have not heard of Peter Gutmann, then you are either just *starting* to read about crypto, or you have missed out some of the most important *practical* parts of your reading!
Check also the X509 Style Guide. Outstanding and insightful. Trust no one claiming to know about PKI unless they have read and understood this :-)
The problem I face every day has bugger all to do with the vague under the hood stuff that I see everyday about the inside or crypto engines but the problem of getting my clients to understand that the extra clicks when they send an email, the remebering a pass phrase, and the extra clicks to read incoming email is not only advisable but absolutly necessary. everyday I see lawyers send priviliged material over the internet and getting them to see both that it is going on a electronic post card and there is a solution is a task that has proved beyond me.
Suggestions from the floor?
Message Authentication Code
Hashed Message Authentication Code
Pseudo Random Function
Initialization Vector
Hey! Aren't you Peter G., that famous cryptlib guy???
uh...no, sorry, you have me mixed up with some other cryto guy. My name is, uh, Chuck...Chuck Laylow. I don't know squat about anything dealing with secrets, really...now, please go away before someone sees you talking to me, and don't tell anyone you talked to me...ever...thanks.
5 -- At least your mom will think you're 1337
4 -- You need a BFS (Big Fucking pgp Sig) for all those blogs you waste your time on
3 -- To avoid letting the FBI know that Dear Matt, I you thought the last comp sci lab was hard and will probably just wait until Punjab Moltisontorilho hands his in and then we can steal his answers From Peter
2 -- Its geek factor will offset the fact that you still run Windows 95
... and the number 1 reason to use cryptography
1 -- Get that "terrorist feel" without all the violence
Copyright Eric Krout, Editor of *nix.org
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
Damn ... I read the title and I thought "Whoa, someone has come up with a way to hide secret messages in their garden."
Kinda like steganography, but with flowers.
Now *that* would be news for nerds.
Tuus crepidae innexilis sunt.
>crypto is very much an applied field, so the theorists should include example source in their papers.
/do/ code, generally, and very rarely C or C++, which you seem to be implying should be used. The people who are interested in one are not always interested in the other. Coming from the math side of it, I'm sometimes tempted to say "learn some math and read the proofs before you implement". Not always practical, sure, but just as valid as expecting me to know about networking this'n'that.
Er.. security is an applied field. Crypto is applied non-applied mathematics, basically. I don't
There's also not generally room in a paper for source. Rigorous proofs and definitions can take up a LOT of room. (Everyone who's read the 5x page HILL paper, or one of Dan Boneh's 3x page papers, raise your hand if you want to see source at the end of it.)
Lea