
Hell is overconfident developers writing encryption code


Overconfident developers that choose to write their own cryptography code have plagued the information security industry since before it was even an industry. This in and of itself isn’t inhe…

–if George Orwell was an applied cryptography expert

This misdeed isn’t limited to dubious apps that fork end-to-end encrypted messengers to strip off forward secrecy. At least once, when reviewing an end-to-end encryption project that implemented cryptography in JavaScript intended to run in the web browser, my question of “how do you know which public key to trust?” was answered with something shaped like, “Oh, we just store those in MySQL and fetch them from the server.”

To err is to be human, but to routinely make preventable mistakes because people with my exact skillset haven’t yet delivered easy-to-use, hard-to-misuse tooling in the programming languages actual developers use–meeting them where they are, as it were?
