[148618] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (ianG)
Mon Dec 23 10:30:35 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 13:58:24 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <CAEw2jfy-9h_HSWeBAU3UXJ2K5+wA4_kfvJn57+2p5Y8zc=dXxA@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 23/12/13 02:17 AM, Patrick Mylund Nielsen wrote:
> But how will we do crypto then? :)
There is an evolving sense that we can do more to help.
1. toolboxes are moving up the stack. We aren't interested in
encryption algorithms any more, we're interested in authenticated
encryption algorithms.
2. Competitions are delivering our best results, not committees or
government fiat. e.g., above, there is a competition called CAESAR for
AE modes.
3. If you look at DJB's design for curve25519xsalsa20poly1305 you will
see further movement up the stack -- one way to do the whole thing.
4. In Object oriented coding it gets even easier. I use a concept I
call a Cryptor which combines everything together and does both ends.
Popular cryptors would be nice.
5. We do need more basic cryptoplumbers. So one of the things we can
do is unwind the pogrom against ordinary coders doing crypto. Knock
yourself out, you can only hurt yourself and your customers, and the
concept of a false sense of security has not been shown to be any more
than another false myth amongst hundreds.
6. Many more counterculture hints here:
http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html
7. Learn some risk analysis. This is how life is; take some risks.
Risk analysis gives you a framework for deciding how much effort to put
into things, and also points out that security is wider than tech or
crypto or yet another software feature.
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
