|
|
|
|
|
|
by smaudet
1589 days ago
|
|
|
> What's worse is that I fear there are incentives (mostly political/security interests) Nah its mostly just a mix of laziness, rigor, and salesfolk. Most people don't want nor can properly design a hash algorithm (which works well). Public ones like SHA have received so much scrutiny, they are extremely well vetted...and then there's the mostly valid attitude of "never roll your own crypto" - Don't, not in production or anything that could become production. Unless you are a group of highly skilled cross domain career cryptographers/mathematicians... Which leads to the last bit, people build whole business out of selling "security products" out of publically available crypto, then make the argument you shouldn't do it yourself, buy theirs. Which sometimes makes sense - often it is a shill/marketing ploy. Rarely do these products provide much on top of the core freely available code...and they probably shouldn't, or else there is probably untrustworthy nonsense inside. So yeah, don't assume malice where first incompetence is possible. |
|
|