cshep | 9 years ago | on: Ask HN: Current Crypto Best Practices
cshep's comments
cshep | 9 years ago | on: On the Impending Crypto Monoculture (2016)
I have the fortune of working in a security group who's members are recognised themselves and have worked with Bernstein, Rogaway et al.
From my experience, too many cryptographers lack the applied skills (API design, knowing the issues faced by developers, designing and implementing performant crypto primitives). Conversely, too many applied folk lack the crypto experience: knowing the state-of-the-art of elliptic curves, MPC, lattices and so forth.
Bernstein has the experience to bridge both, which provides an enormous advantage. JHU's Matthew Green is someone else who's does both.
cshep | 9 years ago | on: Long-term stress erodes memory
I found that learning how and when to say 'no' to your boss is a great start.
cshep | 9 years ago | on: Echo – Assembly program that prints the first positional argument to stdout
Yes. From experience, many developers, namely newly-graduated college students from not-so-rigorous programs, have little idea of Assembly. The same applies with theoretical computer science (Turing Machines, FSMs, PDAs etc.), algorithmic analysis and fundamentals of computing hardware (flip-flops, half/full adders, basic CPU design).
cshep | 9 years ago | on: Why is machine learning ‘hard’?
Another complication, especially for newcomers, is the boundary at which to use certain algorithms. Questions like 'Can/should I just use an SVM over deep learning?' are also suspect to 'guessing'. Mind, it's this explorative process that makes ML so intriguing too.
page 1
The OWASP guidance is OK for a quick access to best practices, but insufficient for rigorous learning.
Cryptography takes time to digest the fundamentals and recognise how new concepts are both beneficial and, vitally, disadvantageous; sadly, there is no cheat sheet or quick fix.
Source: computer security PhD student.