|
|
|
|
|
|
by Tuna-Fish
4 days ago
|
|
|
> Cryptographic code is famously hard, with many, many footguns haunting unsuspecting developers (and even experts!). > But, cryptography also has something that you likely won't find in any other domain: an extensive public collection of test vectors, particularly for edge cases. Every algorithm specification come with a basic suite of test vectors, but there are also community-built wonders such as Wycheproof. > These test vectors, combined with the official specification documents of the crypto algorithms were rather effective to guide the coding agents and avoid the worst hallucinations. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA The first rule about implementing in crypto is don't roll your own. But if you do, the second rule is that you have to actually deeply understand every algorithm you implement, and every interaction between every system they touch. The appropriate ratio between time spent reading research papers and time spent writing production code is well north of 100:1. You cannot get crypto right by doing it one small piece at a time. You cannot black box it by using tests. There is not a test for every corner case, the corner cases are lethal, and if your library is ever actually used for anything even remotely important, there absolutely will be attackers constructing those corner cases to attack your system. The short version is that absolutely no-one should ever use this. |
|
|
If you're building a dashboard for visualizing something fun (hot dog sales in sport games) then the corner case error has low cost. I'm happy having this vibe coded dashboard that works 99/100 and my world is better with it existing.
Crypto is on the opposite scale (and I'm surprised this blog doesn't realize it): 9999/10000 isn't good enough because the corner cases have dire consequences. So, yeah, bad example for vibe coding