undefined | Better HN

0 pointsmschuster914d ago0 comments

It's not made easier by the fact that a lot of cryptography is either very old and arcane or it's one hell of a mess of code that doesn't make sense without reading standards.

I had the misfortune of having to dig deep into constructing ASN.1 payloads by hand [1] because that's the only thing Java speaks, and oh holy hell is this A MESS because OF COURSE there's two ways to encode a bunch of bytes (BIT STRING vs OCTET STRING) and encoding ed25519 keys uses BOTH [2].

And ed25519 is a mess in itself. The more-or-less standard implementation by orlp [3] is almost completely lacking any comments explaining what is going on where and reading the relevant RFCs alone doesn't help, it's probably only understandable by reading a 500 pages math paper.

It's almost as if cryptographers have zero interest in interested random people to join the field.

End of rant.

[1] https://github.com/msmuenchen/meshcore-packets-java/blob/mai...

[2] https://datatracker.ietf.org/doc/html/rfc8410#appendix-A

[3] https://github.com/orlp/ed25519/tree/master

0 comments

Muromec4d ago

The trick to asn.1 is to generate both parser and serializer from the spec. Elliptic curve math on the other hand is ... yeah, you need to know the math and also know the tricks to code that implements it. Both of those have steep learning curve, but it's hardly because it's a mess or it's old.

thayne4d ago

The problem with ASN.1 is that it is big and complicated, and you only need a fraction of it for cryptography, and it isn't really used for anything outside of pki anymore.

It wouldn't be as bad if asn.1 had cought on more as a general purpose serialization format and there were ubiquitous decent libraries for dealing with it. But that didn't happen. Probably partly because there are so many different representations of asn.1.

A bespoke serialization specifically for certificates might actually have aged better, if it was well designed.

jll294d ago

Assuming there are some libraries for it, would this make a pretty good case for LLM-generated ports of these existing libraries into other languages or onto other OSs/platforms? One implementation could be treated as "the spect".

pocksuppet4d ago

ASN.1 is protobufs designed by committee. It is a general-purpose serialization format, but there's no good reason to choose it instead of protobufs.

thayne4d ago

> It is a general-purpose serialization format

Yes. My point is that in practice it hasn't really been used for much outside of cryptography.

> there's no good reason to choose it instead of protobufs

Well, the reason it is used in a lot of the places it is, is because protobufs didn't exist when those protocols or file formats were created.

There are also some things that ASN.1 does better at a technical level. Of important significance to cryptography is that the DER representation is "canonical", meaning that there is only one way to serialize a set of data to bytes. That's important because it means that you can just hash the contents of the serialization for signatures, rather than having to have some kind of separate canonicalization step (which is a common source of mistakes).

tptacek4d ago

The trick to ASN.1 is to serialize/unserialize it backwards.

dwattttt4d ago

#1 NSA, I get it now!

mschuster91OP4d ago

> Both of those have steep learning curve, but it's hardly because it's a mess or it's old.

Bitpacking structures used to be important in the 60s. That time has passed, unless you're dealing with LoRa, NFC or other cases of highly constrained bandwidth there are way better options to serialize and deserialize information. It's time to move on, and the complexity of all the legacy garbage in crypto has been the case of many a security vulnerability in the past.

As for the code, it might be personal preference but I'd love to have at least some comments referring back to a specification or original research paper in the code.

Muromec4d ago

I think you misunderstand the problem asn.1 solves and constrains it works within (both 30 years ago and now). We sure can have a better one now once we learned all the lessons and know what good parts to keep, but this critique of bitpacking is misplaced.

Avamander4d ago

ASN.1 is not used because of just bitpacking. There are other benefits to ASN.1 and it's probably one of the least problematic parts there.

People who have thought they can do better have made things like PGP. It's one of the worst cryptographic solutions out there. You're free to try as well though.

Muromec4d ago

People who though they can do better did JWT, that is not complicated at all and has no bugs as well. Also solves 20% of what asn.1 is used for.

1 more reply

tptacek4d ago

The typical vector for entering cryptography as a professional is called "grad school".

cyberax4d ago

X.509 is a deep legacy, but at least at this point it's well tested.

> because that's the only thing Java speaks

No, it most definitely is not. You can just construct a private key directly in BouncyCastle: https://downloads.bouncycastle.org/java/docs/bcprov-jdk18on-...

I'm 100% certain that you also can do that with raw java.security. I did that about 15 years ago with raw RSA/EC keys. You can just directly specify the private exponent for RSA (as a bigint!) or the curve point for EC.

Ditto for ed25519, you can just take the canonical implementation from DJB. And you really really shouldn't do that anyway, please just use OpenSSL or another similar major crypto library.

Muromec4d ago

I wouldn't recommend touching openssl (the library, command line tools are okay-ish) with anything that breaths life.

mschuster91OP4d ago

> I'm 100% certain that you also can do that with raw java.security.

I tried that, the problem is Meshcore specific - they do their own weird shit with private and public keys [1]. Haven't figured out how to do the private key import either, because in the C source code (or in python re-implementations) Meshcore just calls directly into the raw ed25519 library to do their custom math... it's a mess.

[1] https://jacksbrain.com/2026/01/a-hitchhiker-s-guide-to-meshc...

cyberax4d ago

I'm playing with LORA/Meshcore right now (I have an nRF52840 lying around). I'm pretty sure I know how to do that, will take a look.

j / k navigate · click thread line to collapse

0 comments

Muromec4d ago

thayne4d ago

The problem with ASN.1 is that it is big and complicated, and you only need a fraction of it for cryptography, and it isn't really used for anything outside of pki anymore.

A bespoke serialization specifically for certificates might actually have aged better, if it was well designed.

jll294d ago

pocksuppet4d ago

ASN.1 is protobufs designed by committee. It is a general-purpose serialization format, but there's no good reason to choose it instead of protobufs.

thayne4d ago

> It is a general-purpose serialization format

Yes. My point is that in practice it hasn't really been used for much outside of cryptography.

> there's no good reason to choose it instead of protobufs

Well, the reason it is used in a lot of the places it is, is because protobufs didn't exist when those protocols or file formats were created.

tptacek4d ago

The trick to ASN.1 is to serialize/unserialize it backwards.

dwattttt4d ago

#1 NSA, I get it now!

mschuster91OP4d ago

> Both of those have steep learning curve, but it's hardly because it's a mess or it's old.

As for the code, it might be personal preference but I'd love to have at least some comments referring back to a specification or original research paper in the code.

Muromec4d ago

Avamander4d ago

ASN.1 is not used because of just bitpacking. There are other benefits to ASN.1 and it's probably one of the least problematic parts there.

People who have thought they can do better have made things like PGP. It's one of the worst cryptographic solutions out there. You're free to try as well though.

Muromec4d ago

People who though they can do better did JWT, that is not complicated at all and has no bugs as well. Also solves 20% of what asn.1 is used for.

1 more reply

tptacek4d ago

The typical vector for entering cryptography as a professional is called "grad school".

cyberax4d ago

X.509 is a deep legacy, but at least at this point it's well tested.

> because that's the only thing Java speaks

No, it most definitely is not. You can just construct a private key directly in BouncyCastle: https://downloads.bouncycastle.org/java/docs/bcprov-jdk18on-...

Ditto for ed25519, you can just take the canonical implementation from DJB. And you really really shouldn't do that anyway, please just use OpenSSL or another similar major crypto library.

Muromec4d ago

I wouldn't recommend touching openssl (the library, command line tools are okay-ish) with anything that breaths life.

mschuster91OP4d ago

> I'm 100% certain that you also can do that with raw java.security.

[1] https://jacksbrain.com/2026/01/a-hitchhiker-s-guide-to-meshc...

cyberax4d ago

I'm playing with LORA/Meshcore right now (I have an nRF52840 lying around). I'm pretty sure I know how to do that, will take a look.

j / k navigate · click thread line to collapse