Why I do not climb in cryptography
I offer you a free translation of an interesting note about the heavy burden of programmers who deal with cryptographic algorithms. A note is a personal opinion of a person who respects such programmers, but he would never use cryptography.
We, programmers, love to make mistakes. Small bugs, large bugs, laziness - the possibilities are endless.
We usually find out about it right away: tests are falling around us, exceptions that have arisen are seen somewhere in the logs, or we hear complaints from our clients - they say, that ceased to work.
In most cases, it does not even matter to us how dangerous this bug is - it can be temporarily bypassed, and the application will continue to function normally as a whole. As soon as the cause is found, we fix the bug and everyone is happy.
')
But let's imagine that you made something like an error in one position . Normally, it happens. And then you find out that even with this error, the result of the function operation has remained unchanged. As if there was no error at all.
Imagine that, in spite of the correct data on the output, because of this error, they are in fact absolutely useless and your entire program has also become absolutely useless.
Welcome to the world of cryptography.
Cryptography can not be "a bit buggy." It can not be "generally working." Either it works 100% right, or you in vain even took up this job. A weak link breaks the whole chain.
Worse: looking at the data that the program produces at the output, you will not notice the trick. You encrypt something, at the output of some random trash. You decipher this trash - see the source code. It seems to work. Yes?
Last week there was an article about the gap in the random number generator in the cryptocat service algorithm - a great example of this.
The bug was caused by the same error by one position in their random number generator. At the output, the functions still had random numbers, and on closer examination they looked random. The effect reinforced the fact that we are accustomed to consider the written code to be correct.
But this is not the case. The bug was present and random numbers were not random enough.
The weakest link is broken, all efforts to provide protection were in vain, which is even worse in this case, because the only purpose of this application was protection.
Protection here is not just an additional feature bundled with the main ones. In this case, it was the main functionality.
This small error in one position instantly broke the entire application, but was completely invisible when looking at the returned result. Writing a test for this case would require special skills and abilities, and the probability of making an error in the test is as high as the probability of an error in the code itself that requires testing.
That's why, my friends, I stay away from cryptography. I'm just not so cool. Cryptography is a world where the usual understanding of the essence, understanding of the underlying mathematics and the ability to write tests is not enough.
You must set a goal to achieve excellence. If you can not reach - you are hopeless.
Cryptography is something that I better trust others. Either they were able to achieve perfection, I respect them extremely, or they didn’t work out either, I sympathize with that.
===
The translation author recommends reading at the same time habrahabr.ru/post/181372
We, programmers, love to make mistakes. Small bugs, large bugs, laziness - the possibilities are endless.
We usually find out about it right away: tests are falling around us, exceptions that have arisen are seen somewhere in the logs, or we hear complaints from our clients - they say, that ceased to work.
In most cases, it does not even matter to us how dangerous this bug is - it can be temporarily bypassed, and the application will continue to function normally as a whole. As soon as the cause is found, we fix the bug and everyone is happy.
')
But let's imagine that you made something like an error in one position . Normally, it happens. And then you find out that even with this error, the result of the function operation has remained unchanged. As if there was no error at all.
Imagine that, in spite of the correct data on the output, because of this error, they are in fact absolutely useless and your entire program has also become absolutely useless.
Welcome to the world of cryptography.
Cryptography can not be "a bit buggy." It can not be "generally working." Either it works 100% right, or you in vain even took up this job. A weak link breaks the whole chain.
Worse: looking at the data that the program produces at the output, you will not notice the trick. You encrypt something, at the output of some random trash. You decipher this trash - see the source code. It seems to work. Yes?
Last week there was an article about the gap in the random number generator in the cryptocat service algorithm - a great example of this.
The bug was caused by the same error by one position in their random number generator. At the output, the functions still had random numbers, and on closer examination they looked random. The effect reinforced the fact that we are accustomed to consider the written code to be correct.
But this is not the case. The bug was present and random numbers were not random enough.
The weakest link is broken, all efforts to provide protection were in vain, which is even worse in this case, because the only purpose of this application was protection.
Protection here is not just an additional feature bundled with the main ones. In this case, it was the main functionality.
This small error in one position instantly broke the entire application, but was completely invisible when looking at the returned result. Writing a test for this case would require special skills and abilities, and the probability of making an error in the test is as high as the probability of an error in the code itself that requires testing.
That's why, my friends, I stay away from cryptography. I'm just not so cool. Cryptography is a world where the usual understanding of the essence, understanding of the underlying mathematics and the ability to write tests is not enough.
You must set a goal to achieve excellence. If you can not reach - you are hopeless.
Cryptography is something that I better trust others. Either they were able to achieve perfection, I respect them extremely, or they didn’t work out either, I sympathize with that.
===
The translation author recommends reading at the same time habrahabr.ru/post/181372
Source: https://habr.com/ru/post/186416/
All Articles