Crypto Journey day 689
Scott Contini said:
Depth is more important than breadth of expertise
I’m happy with my crypto breadth, I need to get more depth.
Matt Green said:
One sign that you’ve approached actual mastery of a subject is that you get less arrogant; because you’ve spent so much time being wrong.
I’m still being arrogant and wrong all the time. Shit.
A lot of marketing is being thrown around SHA-3 and BLAKE2. A lot of FUD on both sides. I’m wondering where things will be in 10 years. I really like the BLAKE book, I’m in a hate relationship with SHA-3’s spec, but in the end I find SHA-3 more exciting. I don’t pretend having enough knowledge to really judge if one is better than the other, but most of the people I read commenting on the subject know even less than me. Decisions will be taken by the loud people who are themselves following their opinionated and favorite cryptographers.
I’ve talked to people at Black Hat and nobody cares about Argon2. It’s not “available” enough. What does it mean? Isn’t having a C library enough? Wouldn’t developers know how to use their language’s FFI? Some of my friends work at companies that either store their passwords in clear or with MD5. At this point even PBKDF1 with shitty arguments would do.
SPHINX, the password manager presented by Hugo K. at RWC is nowhere to be seen. That’s kind of sad. 😞
Database encryption is useful to some degree, but the advances in the field are negligible compared to just plainly encrypting a database (with TDE for example). Cryptographers seem to argue violently about dishonest threat modeling in the state-of-the-art research 🍿.
There’s some competition on whitebox crypto. Seems like everything is getting broken. The companies providing solutions all remain closed-source and are probably just selling obfuscated products. In the end the application for such things seem to just be about optimization for DRMs.
CAESAR is still slow. At the last crypto summer school in Croatia, someone told me “symmetric encryption is a solved problem”. At the same event, Daemen publicly replied to a question from the audience stating that banks were still using 3DES because it still worked. There are some exciting constructions in the CAESAR competition (Ketje, Keyak, NORX, …) but they will probably end up forgotten like all the other winners of the other competitions (NESSIE, CRYPTREC, ESTREAM, …).
I can’t keep up with any ePrints I’ve put aside. Everyday there is more. I gave up and I am now reading papers on sponges instead.
TLS 1.3 is still not finished… On the other side you can already use it via the beta of some browsers and enable it for your websites via Cloudflare. Unfortunately it seems like they are all using draft 18 when we’re at draft 21. And more will change… At least attacks on SSL/TLS have stopped for quite some time now. I remember them being published every month a few years ago.
Secure messaging is led by Signal’s protocols, which are an over engineering of a simple problem using a lot of crypto. Nobody wants to use PGP, so this will do as long as it works. Forward-secrecy is overrated.
Quantum computers are probably just FUD to get grant money. But I can’t blame them: it revived a whole new field in cryptography looking for new symmetric and asymmetric constructions when there was nothing exciting about them anymore.
I have nothing clever to say about the blockchain and smart contracts. Maybe they have a future, maybe not. The good side is that more and more people are getting into crypto via cryptocurrencies (some of my friends included).
