
> it appears to me that the primary problem is people who roll their own RSA implementations

And why do you think they do? The article has an explanation for this: RSA looks easy enough to implement. If you tell people to use RSA, many will roll their own, even if they don't know what they're doing.

And to be honest, after having read this article, I don't trust even the properly peer reviewed implementations of RSA. And if compatibility is an issue, I'll first try to convince whoever I must convince to switch to Curve25519, which is simpler to implement, more secure, and faster in most cases. (Of course, one should still use an existing implementation.)

There are many advantages to Curve25519, but in many cases you need to use RSA. E.g., when you're trying to talk to arbitrary websites securely, you don't get to choose what was used to sign their certificate. There are many circumstances where you have to build systems that work with other systems, and ignoring that doesn't make it go away.

I think the key advice is to use an existing crypto library. A non-expert who tries to implement ECC themselves will almost certainly screw it up as well. Sure, it is a little less likely, but it is still possible.
