> On 3 Jan 2016, at 14:12, Jesse V <kernelc...@riseup.net> wrote:
>
> On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
>> And if we can't use the reference implementation, we have some decent
>> programmers…
>> (On the other hand, if there's no reference implementation, then that
>> makes it hard to recommend that particular crypto scheme.)
>
> That sounds pretty close to a "roll your own crypto" idea, which as I'm
> sure you know is almost always a poor idea. Classical algorithms like
> RSA and Diffie-Hellman are ~40 years old but they have many
> side-channels and are still hard to implement correctly. There are so
> many subtleties with ECDHE and ECDSA, with the notable exception of the
> safer *25519 cryptosystems from djb. Post-quantum cryptography is over
> my head, but considering the pattern and the newness of the field I
> wouldn't trust any implementation unless it was written or at least
> vetted by the authors of the respective post-quantum crypto system.

Point taken. It was a bit of a throwaway line, rather than a serious suggestion.
tor currently uses external crypto implementations rather than writing our own.

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev