Hacker News
by ThePhysicist 1458 days ago
From my experience, most academic cryptographers are quite bad at building real-world cryptographic protocols or systems as they often lack the practical knowledge of software engineering / industry standards. Designing cryptographic systems rarely involves coming up with novel cryptographic mechanisms and mostly revolves around carefully implementing and combining established methods. For example, in an audit of an E2EE system I built, the auditor (who had a PhD and PostDoc in cryptography) had never even heard of the term ECIES (elliptic curve integrated encryption scheme) so I had to point him to the IETF doc and explain that it's a standardized system.

The failures you see like the recent vulnerabilities in the MEGA cryptography could have been avoided if MEGA had simply followed established best practices, no cryptographer needed. So I'd argue we need many more people with applied cryptography experience, and a university PhD in cryptography will not necessarily provide such experience.