by epimenov 3865 days ago
> Absolutely dangerous thinking is to declare cryptography off limits. With that in mind, eventually you just scare more people away from participating in this process and eventually are left with a tiny core community.

Anybody can participate, just don't claim it's secure.

> Sure, that's exactly how SSL works. We invented crypto systems and we are using them until they are broken, then we phase them out for something else.

The only difference is there's a mailing list with actual cryptographers (https://www.ietf.org/mail-archive/web/tls/current/threads.ht...) who iterate on the design. If you look at the history of TLS, you'll see how tricky it is to get crypto right. There have been lots of attacks on the protocol that no one person could have thought of. You don't have that if you roll your own and/or have "very good reasons" when people point your mistakes out.

1 comment

> If you look at the history of TLS, you'll see how tricky it is to get crypto right. There have been lots of attacks on the protocol that no one person could have thought of.

You'd hope so, but contrary to popular belief, actual cryptographers relatively rarely manage to prevent errors in the standards. For instance, Phil Rogaway warned against the MAC-then-Encrypt construction used in TLS, which led to the padding oracle attacks, many, many years before they were exploited, but the suggestions were ignored by the "practitioners" designing the protocols. In fact, the TLS example was one that is relatively easy to get right if the designers hadn't gone crazy and had instead listened to actual cryptographers. Telegram will someday fall into the exact same bucket.
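The MAC-then-Encrypt padding oracle the comment above refers to, shown end to end as an added example (this is editor-supplied code, not something posted in the thread or taken from any TLS implementation). It builds a CBC record layer both ways, MAC-then-Encrypt as TLS 1.0-1.2 did it and Encrypt-then-MAC as Rogaway recommended, then runs Vaudenay's padding-oracle attack against the first and shows why the second gives the attacker nothing to work with. Assumptions, all constructed for the demo: fixed AES-128 keys and a fixed IV so the run is reproducible, HMAC-SHA256 as the MAC, PKCS#7-style padding rather than TLS's exact padding format, and a receiver that returns distinct `errPadding`/`errMAC` errors. All function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed demo keys and IV, fixed for reproducibility (real code: random keys, fresh IV per record).
var (
	encKey     = []byte("0123456789abcdef")
	macKey     = []byte("fedcba9876543210")
	demoIV     = bytes.Repeat([]byte{0x42}, aes.BlockSize)
	errPadding = errors.New("bad padding")
	errMAC     = errors.New("bad mac")
)

// PKCS#7-style padding; TLS pads slightly differently, but the oracle works the same way.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) { // callers guarantee len(b) > 0
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) || bytes.Count(b[len(b)-n:], []byte{byte(n)}) != n {
		return nil, errPadding
	}
	return b[:len(b)-n], nil
}

func cbc(iv, in []byte, encrypt bool) []byte {
	blk, _ := aes.NewCipher(encKey) // 16-byte key, cannot fail
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}

func tag(data []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(data)
	return h.Sum(nil)
}

// MAC-then-Encrypt as in the TLS 1.0-1.2 CBC record layer: MAC the plaintext, pad, encrypt.
func mteSeal(iv, plain []byte) []byte {
	return cbc(iv, pad(append(append([]byte{}, plain...), tag(plain)...)), true)
}

// The receiver must strip padding before it can locate the MAC, so the padding check runs on
// attacker-chosen data and its verdict (errPadding vs errMAC) is observable: that is the oracle.
func mteOpen(iv, ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errMAC
	}
	dec, err := unpad(cbc(iv, ct, false))
	if err != nil {
		return nil, errPadding
	}
	if len(dec) < sha256.Size || !hmac.Equal(dec[len(dec)-sha256.Size:], tag(dec[:len(dec)-sha256.Size])) {
		return nil, errMAC
	}
	return dec[:len(dec)-sha256.Size], nil
}

// Encrypt-then-MAC, the construction Rogaway argued for: the tag covers iv||ciphertext, so a
// forgery is rejected before anything is decrypted and the padding check is never reachable.
func etmSeal(iv, plain []byte) []byte {
	ct := cbc(iv, pad(plain), true)
	return append(ct, tag(bytes.Join([][]byte{iv, ct}, nil))...)
}

func etmOpen(iv, ct []byte) ([]byte, error) {
	n := len(ct) - sha256.Size
	if n < aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(ct[n:], tag(bytes.Join([][]byte{iv, ct[:n]}, nil))) {
		return nil, errMAC
	}
	return unpad(cbc(iv, ct[:n], false))
}

// recoverBlock is one block of Vaudenay's padding-oracle attack: a forged IV goes in front of the
// target block and the receiver's verdict alone reveals D(target), hence the plaintext.
func recoverBlock(open func(iv, ct []byte) ([]byte, error), prev, target []byte) ([]byte, bool) {
	inter, forged := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	accepts := func() bool {
		_, err := open(forged, target)
		return err != errPadding
	}
	for i := aes.BlockSize - 1; i >= 0; i-- {
		padVal, found := byte(aes.BlockSize-i), false
		for j := i + 1; j < aes.BlockSize; j++ {
			forged[j] = inter[j] ^ padVal // steer the already-recovered bytes to padVal
		}
		for g := 0; g < 256 && !found; g++ {
			forged[i] = byte(g)
			if !accepts() {
				continue
			}
			if i == aes.BlockSize-1 { // rule out an accidental longer padding such as 02 02
				forged[i-1] ^= 0xff
				longer := !accepts()
				forged[i-1] ^= 0xff
				if longer {
					continue
				}
			}
			inter[i], found = byte(g)^padVal, true
		}
		if !found {
			return nil, false
		}
	}
	plain := make([]byte, aes.BlockSize)
	for i := range plain {
		plain[i] = inter[i] ^ prev[i]
	}
	return plain, true
}

// verdicts XORs ciphertext byte pos with each of the 255 non-zero values and counts the
// distinct results the receiver gives; more than one means the receiver is an oracle.
func verdicts(open func(iv, ct []byte) ([]byte, error), iv, ct []byte, pos int) int {
	seen := map[error]bool{}
	for g := 1; g < 256; g++ {
		t := append([]byte{}, ct...)
		t[pos] ^= byte(g)
		_, err := open(iv, t)
		seen[err] = true
	}
	return len(seen)
}

// demo seals a constructed record both ways, recovers its first block through the MtE oracle
// and counts how many different verdicts each receiver gives on a tampered record.
func demo() (recovered []byte, ok bool, mte, etm int) {
	plain := []byte("attack at dawn")
	mteCT, etmCT := mteSeal(demoIV, plain), etmSeal(demoIV, plain)
	recovered, ok = recoverBlock(mteOpen, demoIV, mteCT[:aes.BlockSize])
	mte = verdicts(mteOpen, demoIV, mteCT, len(mteCT)-aes.BlockSize-1)
	etm = verdicts(etmOpen, demoIV, etmCT, 0)
	return
}

func main() {
	rec, ok, mte, etm := demo()
	fmt.Printf("MtE oracle recovered %q (ok=%v); distinct verdicts: MtE=%d EtM=%d\n", rec, ok, mte, etm)
}
```

`go run` recovers the first 14 bytes of the record ("attack at dawn") from the MtE receiver using roughly 16 x 256 forged queries and no key material, and reports two distinct verdicts for MtE against one for EtM. The attacker never sends a valid MAC; the leak is entirely in the order of operations, which is why the fix TLS eventually took (RFC 7366's encrypt-then-MAC extension, and AEAD suites) changes the construction rather than the error message. Collapsing `errPadding` into `errMAC`, the early TLS mitigation, still leaves the padding check reachable, and the Lucky 13 attack showed that the remaining timing difference can be used the same way.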