
at what point does advising strongly against rolling your own crypto become gatekeeping cryptography knowledge


anyway stackoverflow should give out bans if you answer a question with "I can't ever see why you would want to do this, therefore you shouldn't"

@SuricrasiaOnline I hate those "answers"... I may have my reasons for doing things in unorthodox ways. Even if they really are bad I still want the opportunity to fail on my own so I can learn why!

@SuricrasiaOnline Bot that automatically responds to people saying some variation of that with this image:

@SuricrasiaOnline@cybre.space experimenting with crypto is interesting, the problem is using crappy untested crypto in sensitive contexts

@SuricrasiaOnline I think encouraging people to contribute or fork should be encouraged instead.

@SuricrasiaOnline tbh i'm not even sure i know what people mean when they say this

@SuricrasiaOnline like it's just a mantra at this point. what constitutes "rolling" here

@SuricrasiaOnline I once saw an article that said in a much more fleshed out manner, "'don't roll your own crypto' is basically 'abstinence only crypto' and is as effective as that implies it is"

@SuricrasiaOnline when you give the same answer to "I want to write my own TLS implementation for fun" as you give to "We are allergic to third party software and need to secure half a nation's PII"

@SuricrasiaOnline Depending on the form of the argument, it's better or worse, but I think it's usually "don't use homegrown cryptography for anything important until it's seriously vetted", which I'm largely okay with. dadrian.io/blog/posts/roll-you and the associated podcast (with transcript) seem mostly reasonable to me.

Cybrespace
