Hacker News new | ask | show | jobs
by distrorepoman 2852 days ago
a word of warning. off the page textbook crypto examples are not a good crypto scheme you have to think like a bank robber to start securing your bank. if you think like a banker then you will try to cut costs and corners to make revenue.

addendum > Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.

good crypto cant be broken by knowing the algo thats why closed proprietary crypto is POS

addendum 2 )

this makes the case for open source so there are multiple perspectives rather than ECHO CHAMBERS bcz when it comes down to it you can talk yourself into thinking anything is great when it is your own pet theory.

BTW im working around the posting too fast BS so thats why the addendums to parent post.

================================= ALSO off topic but, concerning:

Detecting Screen Content via Remote Acoustic Side Channels

{https://www.cs.tau.ac.il/~tromer/synesthesia/}

every time a pixel changes it makes a UHF+ EMF chirp every time a bus channel makes a bit state transition it makes a UHF+ chirp if you evesdrop the EMF radiation preserve it and analyse your data then you can reconstruct EVERYTHING that the hardware is doing not just the display screen.
1 comments
ChrisSD 2852 days ago
Although be wary of how far even that can take you. As Bruce Schneier has said[0]:

> Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.

> If I have any contribution to this, it's to generalize it to security systems and not just to cryptographic algorithms. Because anyone can design a security system that he cannot break, evaluating the security credentials of the designer is an essential aspect of evaluating the system's security.

[0] https://www.schneier.com/blog/archives/2011/04/schneiers_law...

link