by maqp
2319 days ago
Rolling one's own crypto has become a catch-all phrase. It's of course very important to remember that implementing standard algorithms in a non-standard way can be incredibly dangerous too. I've seen unauthenticated AES-CBC way too many times. I've seen fingerprints calculated by hashing pre-master secrets (completely insecure), I've seen crypto libraries that rely on completely insecure structures for their RNGs (the worst was probably an LCG fed from math.random). I've seen fixed IVs with fixed keys, E2EE without fingerprints (way too often), ones with expired primitives (SHA-1 in PGP). I've seen RSA PKCS #1 v1.5 deployed in brand new products (https://trailofbits.files.wordpress.com/2019/07/image13-1.pn...). So the correct advice is, "don't deviate from best practices, and hire a cryptographer."
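The first item in the comment, unauthenticated AES-CBC, is worth seeing in code. The following is an added example, not maqp's code or anything from the thread: it uses only the Go standard library, a constructed demo key pair and a constructed sample message, and shows that with plain AES-CBC an attacker who never sees the key can flip a chosen byte of the first plaintext block by XORing the IV, while the same CBC construction wrapped in encrypt-then-MAC (HMAC-SHA256 over IV and ciphertext, verified before decryption) rejects the tampered message. The function and variable names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed demo keys; real code derives fresh, independent keys per session.
var (
	demoEncKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	demoMacKey = []byte("constructed-mac-key-for-demo-use") // 32 bytes: HMAC key
)

func pkcs7Pad(msg []byte) []byte {
	n := aes.BlockSize - len(msg)%aes.BlockSize
	return append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(msg []byte) ([]byte, error) {
	n := int(msg[len(msg)-1])
	if n == 0 || n > aes.BlockSize || n > len(msg) ||
		!bytes.Equal(msg[len(msg)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return msg[:len(msg)-n], nil
}

// encryptCBC is the pattern the comment warns about: AES-CBC with a random IV
// but no authentication. Returns iv || ciphertext.
func encryptCBC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(iv, ct...), nil
}

func decryptCBC(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

// flipFirstBlock is the attacker's move. In CBC, P1 = D(C1) XOR IV, so XORing
// a byte of the IV XORs the same byte of the first plaintext block, no key needed.
func flipFirstBlock(data []byte, offset int, from, to byte) []byte {
	out := append([]byte{}, data...)
	out[offset] ^= from ^ to
	return out
}

// encryptThenMAC appends HMAC-SHA256(macKey, iv || ciphertext) to the CBC output.
func encryptThenMAC(encKey, macKey, plaintext []byte) ([]byte, error) {
	ct, err := encryptCBC(encKey, plaintext)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	return mac.Sum(ct), nil
}

// verifyThenDecrypt checks the tag in constant time before touching the
// ciphertext, so a modified IV or block is rejected instead of decrypted.
func verifyThenDecrypt(encKey, macKey, data []byte) ([]byte, error) {
	if len(data) < sha256.Size {
		return nil, errors.New("too short")
	}
	ct, tag := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("MAC mismatch: ciphertext was modified")
	}
	return decryptCBC(encKey, ct)
}

func main() {
	msg := []byte("transfer=0100 to=alice") // constructed message; byte 9 is the first digit
	ct, _ := encryptCBC(demoEncKey, msg)
	pt, err := decryptCBC(demoEncKey, flipFirstBlock(ct, 9, '0', '9'))
	fmt.Printf("unauthenticated CBC: %q err=%v\n", pt, err)
	sealed, _ := encryptThenMAC(demoEncKey, demoMacKey, msg)
	_, err = verifyThenDecrypt(demoEncKey, demoMacKey, flipFirstBlock(sealed, 9, '0', '9'))
	fmt.Println("encrypt-then-MAC:", err)
}
```

The flip only touches the first block because the IV feeds into the first plaintext block alone; later blocks stay intact and the padding still verifies, which is exactly why the unauthenticated decryption returns success. An AEAD such as AES-GCM from crypto/cipher gives the same protection with less code and is the usual choice for new designs; the encrypt-then-MAC form is shown here because it repairs the CBC pattern the comment names without changing anything else.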