
The opposite is true: if you implement ECDH yourself, you aren't unlikely to end up with software that thousands of different people will be able to break with their laptops. It's tricky to get right.



(1) You're saying use standardized fully-vetted methods.

(2) Parent is asking for something just slightly different enough that it escapes dragnets and automated attacks.

There is no question that (1) is much better than (2).

But in special circumstances, one could do both (1) and (2) in cascade operation (i.e., do one first, then the other). If the code for (1) and (2) runs as separate processes with independently chosen keys, seeds, parameters, etc., then it doesn't matter how awful (2) is. It might help, it might not help, but it won't make the security worse than using (1) alone.

The obvious downsides are slowness, code complexity, non-standard API/interface, code maintenance headaches, and false sense of extra security (but not worse security).


You have to be careful which algorithm you run first though. If you use your crappy implementation first, it might compromise the security of the second round of encryption.

ftp://ftp.inf.ethz.ch/pub/crypto/publications/MauMas93a.pdf
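The cascade described in the two comments above (vetted layer with its own key, home-grown layer with an independently generated key, vetted layer applied first) as an added, self-contained example; it is not code from either commenter or from the linked paper. Because it has to run offline with only the Python standard library, the "vetted" layer is an encrypt-then-MAC stream construction built from HMAC-SHA256 standing in for a real library AEAD, and the "home-grown" layer is a deliberately weak repeating-key XOR; the message is a constructed sample.

```python
import hashlib
import hmac
import os
import struct

# ---- Layer (1): a well-understood construction standing in for a vetted
# library AEAD so that the script runs with only the standard library.
# Keystream = HMAC-SHA256(enc_key, nonce || counter); encrypt-then-MAC with
# a separate MAC key so any change to nonce or body is rejected.

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def vetted_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def vetted_decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = key[:32], key[32:]
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


# ---- Layer (2): the "crappy" home-grown cipher, a repeating-key XOR.
# XOR is its own inverse, so the same function encrypts and decrypts.
def homegrown_xor(key: bytes, data: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# ---- Cascade with independent keys; the vetted layer is innermost.
def generate_keys():
    # Two separate draws from the OS RNG: k2 is NOT derived from k1, which is
    # the independence condition the thread relies on.
    return os.urandom(64), os.urandom(16)


def cascade_encrypt(k1: bytes, k2: bytes, plaintext: bytes) -> bytes:
    return homegrown_xor(k2, vetted_encrypt(k1, plaintext))


def cascade_decrypt(k1: bytes, k2: bytes, blob: bytes) -> bytes:
    return vetted_decrypt(k1, homegrown_xor(k2, blob))


def demo():
    """Round-trip a constructed message and confirm the inner layer's MAC
    still catches tampering done on the outer layer's ciphertext."""
    k1, k2 = generate_keys()
    msg = b"meet at the usual place"  # constructed sample message
    ct = cascade_encrypt(k1, k2, msg)
    roundtrip_ok = cascade_decrypt(k1, k2, ct) == msg
    tampered = bytes([ct[0] ^ 1]) + ct[1:]
    try:
        cascade_decrypt(k1, k2, tampered)
        tamper_caught = False
    except ValueError:
        tamper_caught = True
    return roundtrip_ok, tamper_caught


if __name__ == "__main__":
    print(demo())
```

The two keys come from separate `os.urandom` calls rather than one being derived from the other, and the outer layer never sees plaintext, only the inner layer's nonce, ciphertext and tag; the stand-in inner construction should be swapped for a real library AEAD in anything beyond a demonstration.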


This was a great reverse engineering trick. A lot of "hackers" would make their tools super-secure by packing the binary and then protecting it with VMProtect. Because, that's way better than just using VMProtect by itself, right?

Except that you could run the VMProtected binary until just after the unpacking routine ended giving you the original binary in memory. Didn't have to understand VMProtect at all.

Thanks hackers!

The same thing isn't necessarily true with crypto, but the lesson is that thinking you're adding security by layering without knowing what you're doing might backfire.


Any handspun crypto will likely have trivial flaws. But they might escape the NSA's notice, in the same way that a hand-rolled CAPTCHA can sometimes prevent more spam than a better-designed but widely-deployed one?


Pretty much: Odds are that, if you roll your own, you’ll make mistakes which make your code trivial to break for a motivated attacker that is willing to put the effort into targeting you personally.

It’s also quite possible that the NSA/GCHQ/5-Eyes will notice that your communications are 'interesting, because different' and mark them to be stored in perpetuity in case they ever do decide that you’re of interest so that they can go back and break it all then.

So, how lucky are you feeling?


I don't think many people (let alone businesses) would rather introduce a risk of being exploited by a hacker than a huge government agency that could care less about their existence. And if you are in a position where the NSA does care to look at you closely, bad crypto is going to make their job easy.



