top | item 6027472

(no title)

zalambar | 12 years ago

Caution is a good attitude to have when working on critical code with non-obvious modes of failure.

However I agree with davidw; this "dont' touch it" or "we're not smart enough" attitude is tiresome. Couldn't we instead admit that this is a difficult problem which requires some engineering rigor to solve well and talk about how we can address such problems like professionals instead of hiding from them?

discuss

tptacek|12 years ago

Most people don't actually want to do their own surgery. Even if you put a scalpel in someone's hands, and gave them all the anesthesia, they still wouldn't be tempted to remove someone's appendix after reading an eHow article about it.

The same isn't true of crypto. People know both intellectually and viscerally that they shouldn't be doing their own surgeries. But they only have an intellectual understanding that crypto is unsafe.

A big part of that is because the harm caused by crypto mistakes are often an externality to the developer.

arthuredelstein|12 years ago

That's fine, but we have an emergency right now and there aren't enough surgeons to go around. We need more competent crypto engineers ASAP.

gizmo686|12 years ago

A bigger part of it is that bad crypto looks alot like good crypto.

marcosdumay|12 years ago

It doesn't only need engineering rigour.

Good crypto needs engineering rigour, honest colective work, and time to mature.