Over at birdsite:
Glorious rant about #crypto and #Linux #security, with a surprise in it:
https://twitter.com/ewindisch/status/926432248970309632
Thanks @wxcafe for finding :)
@bob @NerdResa @wxcafe 10/10, well played Sir! https://mastodon.social/media/FkNRlVomEkhn9AcmnrQ
@rysiek @NerdResa @wxcafe
Eeeh, even writing your own, secure implementation requires pretty considerable expertise, lest you introduce side-channels, oracles, ...
Also, saying everyone should write their own crypto implementation is as problematic as saying everyone should learn how to program; sure, it's not a bad skill to have, but it's perfectly legitimate to not have it.
Do we condescend on people for not knowing how to play the violin or how to do accounting?
@kellerfuchs @NerdResa @wxcafe yeah, that's why I added "ok, that's much". I knew somebody would oppose it (and with good reasons). ;)
You're right, of course. Still, my point was that the person from birdsite conflated algorithm design with implementation.
@rysiek @kellerfuchs @NerdResa uh I think their point is that everyone conflates algorithm design with implementation. "don't roll your own crypto" is as much about algo design as it is about implementation, at least in its most used form.
@wxcafe @kellerfuchs @NerdResa well now we're neck-deep in nuance -- as we should. Nuance is exactly what was missing from the birdsite post.
@rysiek @kellerfuchs @NerdResa which is understandable regarding the sentiment that's expressed and is inferable from context 🤷
That was a post from a friend who has literally been doing the nuance for years. That's a post by someone who spent half a year waiting for kernel devs to acknowledge her vulnerability was real.
At some point, we will all get tired of shouldering the burden of doing the nuance for you. So stop blaming us for the ambient toxicity, and do your part to fix it.
@kellerfuchs @wxcafe @NerdResa I am not blaming anyone for anything.
And I shoulder a number of things related to this topic myself, thank you. Dealing with snakeoil, dealing with shitty protocols, shitty algorithms, shitty implementations, shitty UI, and most importantly dealing with the outcomes that these create.
I read the birdsite post and thought "fuck, this is going to bring loads of grief to journalists I work with". Hence my reaction.
Since you seem to have missed the point, I'll reiterate: I talked about the ambient toxicity. Not the implementations-being-terrible, but the being-unable-to-contribute due to mansplaining, rampant *isms, ...
When you say “nuance is what was missing from the birbsite post”, you are entirely erasing all the nuanced work that person has made, and you are pushing under the carpet that they cannot stomach doing that work anymore due to that toxicity.
@kellerfuchs @wxcafe @NerdResa fair enough.
@kellerfuchs i'm late to the party but just wanted to say _thank you_ for this post
@mxsparks You are welcome. <3 :3
*is so fucking done with that thread, though.*
@rysiek @NerdResa @wxcafe
Yeah, I know Erica, and I know we (IIRC) disagree on that point to some extent.
By all means, design and implement crypto (or kernels); just most of it will be terrible and shouldn't be trusted. If you are OK with it being a learning exercise, fine.
If you mean “if you have the skillset, please build less terrible alternatives”, sure.
But please, don't pull a Telegram and make bazillions of users depend on terrible crypto.
@kellerfuchs @NerdResa @wxcafe I was waiting for the T-word to show up. Yeah, that.
@rysiek @NerdResa @wxcafe However, if anyone (especially, their dog) tries to sell* you their own implementation of crypto, you should be cautious. During the last decade, a new class of vulnerabilities has been researched (side channels) and the ability to avoid them is not yet common.
* "selling" includes putting in FLOSS.
@rysiek @NerdResa @wxcafe this is incorrect, and what's more it's dangerously incorrect. It's incredibly hard to implement many crypto algorithms securely. Writing constant time algorithms is difficult, validating inputs is difficult, securing memory is incredibly difficult, likewise presenting a low profile to side-channel attacks
By all means, write crypto implementations if it helps you learn or for fun or for any number of reasons. But don't mistake your hand-rolled crypto for secure.
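To make nightpool's "writing constant time algorithms is difficult" point concrete, here is an added example that is not code from anyone in this thread: an early-exit byte comparison (the way memcmp() behaves) next to a constant-time one, both instrumented to count how many bytes they inspect before deciding whether two MAC tags match. TAG_LEN, the tag bytes and the compare_tags() helper are constructed for this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TAG_LEN 16

/* Early-exit comparison, the way memcmp()/strcmp() behave: it returns at the
 * first mismatching byte, so its running time reveals how long the matching
 * prefix was. *steps counts bytes inspected (instrumentation for the demo). */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) { *steps = i + 1; return 0; }
    }
    *steps = n;
    return 1;
}

/* Constant-time comparison: touches every byte, ORs the differences together
 * and turns the accumulator into 0/1 without a data-dependent branch. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    unsigned int diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned int)(a[i] ^ b[i]);
    *steps = n;
    /* diff is in 0..255, so (diff - 1) >> 8 is nonzero only when diff == 0. */
    return (int)(1u & ((diff - 1u) >> 8));
}

typedef struct { int equal; size_t steps; } cmp_result;

/* Builds two constructed TAG_LEN-byte tags that differ only at byte
 * mismatch_pos (mismatch_pos >= TAG_LEN means the tags are identical) and
 * reports the verdict plus the number of bytes the chosen routine inspected. */
cmp_result compare_tags(int constant_time, size_t mismatch_pos) {
    uint8_t a[TAG_LEN], b[TAG_LEN];
    cmp_result r = {0, 0};
    memset(a, 0x41, TAG_LEN);            /* constructed tag: sixteen 'A' bytes */
    memcpy(b, a, TAG_LEN);
    if (mismatch_pos < TAG_LEN) b[mismatch_pos] ^= 0x01;
    r.equal = constant_time ? ct_equal(a, b, TAG_LEN, &r.steps)
                            : leaky_equal(a, b, TAG_LEN, &r.steps);
    return r;
}

int main(void) {
    for (size_t pos = 0; pos <= TAG_LEN; pos += 4) {   /* 0, 4, 8, 12, identical */
        cmp_result l = compare_tags(0, pos), c = compare_tags(1, pos);
        printf("mismatch at %2zu: leaky inspected %2zu bytes, ct inspected %2zu\n", pos, l.steps, c.steps);
    }
    return 0;
}
```

The leaky variant's work grows with the position of the first differing byte, which is exactly the signal a remote timing measurement recovers; the constant-time variant does the same work regardless.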
@nightpool @rysiek @NerdResa @wxcafe nightpool is *dead on*, here. Don't invent new crypto or implement crypto until you can first explain why it's generally a bad idea. (Once you can do that, maybe you're allowed to do it anyway.)
This is serious stuff. Crypto bugs kill.
@varx @rysiek @NerdResa @wxcafe I think there's a tendency to hear "don't implement crypto" as "don't write small crypto libraries to help you understand how they work or for hobby projects". that stuff is still super valuable! by all means write tons and tons of shitty crypto code! it's just not secure and shouldn't be mistaken for such.
@NerdResa @wxcafe 🤦
"Don't write your own crypto" is more about *designing algorithms/protocols* and much, much less about creating implementations of proven algorithms/protocols.
Everyone and their dog (ok, a bit much ;) ) should write their own *implementation*, so we don't end up in the OpenSSL thing again, and so that they learn.
Almost no-one (especially not their dog!) should design their own crypto algos/protocols. This ends *badly*.