undefined | Better HN

0 pointslvh9y ago0 comments

Hi! I'm the author of Crypto 101.

I couldn't agree more. I think the fact that we have so much crypto foot guns available is a UX issue that we should address. Ideally, Crypto 101 would only be to satisfy one's own curiosity; not mandatory reading for anyone who wants to do something cryptographic. Alas, that's also not the world we live in right now. Realistically, plenty of crypto libraries will offer up e.g. unauthenticated AES-CBC. Then you probably want to know about some of the attacks on that, why you want a MAC, and where that MAC should live; if only to convince your coworkers that the concerns you have are real.

0 comments

FullyFunctional9y ago

Isn't this the point of [Twitter]NaCl (Bernstein et al)? To provide a library which, when used correctly, makes it harder to make the obvious mistakes?

I think it's great, but it doesn't solve the protocol issue.

lvhOP9y ago

Sure! But folks don't always use NaCl; they can have all sorts of stuff currently in play.

j / k navigate · click thread line to collapse