undefined | Better HN

0 pointssaghm1y ago0 comments

I did say my understanding was probably naive; I didn't know the details to be able to assert anything beyond my own observation!

0 comments

4 comments · 2 top-level

stouset1y ago· 2 in thread

Yep, not faulting you at all! I too was surprised when I found out that it’s a straight 256-bit random value with a few bits masked.

saghmOP1y ago

I pretty quickly realized in college when learning about this stuff that the math was well over my head, and I shifted my focus more to understanding how to properly use cryptography rather than implement it (which turned out to be more important as a software engineer anyhow). In retrospect, I really appreciate how the professor I had in a security-focused course explicitly told us it was okay if we didn't understand the math and wouldn't be tested on it when going over how it worked.

tptacek1y ago

Counterpoint: it's not OK to skip the math with cryptography. You may not need to power through all of Silverman's curve book (though: I don't know for sure that's true, which is why I don't call myself a cryptography engineer), but you have to get as deep into the math as you can in order to safely use cryptographic algorithms.

If you're math-avoidant, stick with high-level abstractions like NaCL and TLS. There's nothing wrong with that!

A professor talking about and demonstrating cryptography at the level of individual algorithms is doing their class a disservice if they say "none of the math will be on the test". The algorithms are enough to put something together that seems like it works; the math is what you need to find out if your resulting system actually does work. It's where many of the fun bug classes live.

1 more reply

syncsynchalt1y ago

Learning X25519 isn't too hard! See https://curves.xargs.org for the basics and https://x25519.xargs.org for some refining details.

j / k navigate · click thread line to collapse