Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Crypto Gardening Guide and Planting Tips

Posted by michael on from the nous-devons-cultiver-nos-jardins dept.

ncostigan writes "Peter Gutmann of cryptlib fame has written a very readable paper on real-world constraints for cryptographers, and points out problems that their designs will run into when attempts are made to deploy them. Also included is a motivational list of extremely uncool problems that implementors have been building ad-hoc solutions for since no formal ones exist."

5 of 91 comments (clear)

  1. The Real Question by The+Subliminal+Kid · · Score: 5, Interesting

    The problem I face every day has bugger all to do with the vague under the hood stuff that I see everyday about the inside or crypto engines but the problem of getting my clients to understand that the extra clicks when they send an email, the remebering a pass phrase, and the extra clicks to read incoming email is not only advisable but absolutly necessary. everyday I see lawyers send priviliged material over the internet and getting them to see both that it is going on a electronic post card and there is a solution is a task that has proved beyond me.

    Suggestions from the floor?

    1. Re:The Real Question by Anonymous Coward · · Score: 5, Funny

      Read all of the flirtatious mail they send each other. Send the originator a summary of the juiciest bits, and add the text

      "If you would like to stop me reading your mail like this, give me a ring and I'll tell you how. If I find anything good in next month, I'll print it out and pin it up on everyone's messageboard. Give Janice a kiss from me, sugarplum."

  2. Re:Very readable.. by xmath · · Score: 5, Informative

    Message Authentication Code
    Hashed Message Authentication Code
    Pseudo Random Function
    Initialization Vector

  3. Top 5 reasons to use cryptography by Amsterdam+Vallon · · Score: 5, Funny

    5 -- At least your mom will think you're 1337

    4 -- You need a BFS (Big Fucking pgp Sig) for all those blogs you waste your time on

    3 -- To avoid letting the FBI know that Dear Matt, I you thought the last comp sci lab was hard and will probably just wait until Punjab Moltisontorilho hands his in and then we can steal his answers From Peter

    2 -- Its geek factor will offset the fact that you still run Windows 95
    ... and the number 1 reason to use cryptography

    1 -- Get that "terrorist feel" without all the violence

    Copyright Eric Krout, Editor of *nix.org

    --

    Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
  4. Re:why isn't an implementation standard? by chialea · · Score: 5, Interesting

    >crypto is very much an applied field, so the theorists should include example source in their papers.

    Er.. security is an applied field. Crypto is applied non-applied mathematics, basically. I don't /do/ code, generally, and very rarely C or C++, which you seem to be implying should be used. The people who are interested in one are not always interested in the other. Coming from the math side of it, I'm sometimes tempted to say "learn some math and read the proofs before you implement". Not always practical, sure, but just as valid as expecting me to know about networking this'n'that.

    There's also not generally room in a paper for source. Rigorous proofs and definitions can take up a LOT of room. (Everyone who's read the 5x page HILL paper, or one of Dan Boneh's 3x page papers, raise your hand if you want to see source at the end of it.)

    Lea