Is the prevailing opinion of cryptographers that "cryptographic agility" is a folly of developers? https://simplysecure.org/blog/developers-people-too …
Great writeup from @agl__ on the hidden costs and pitfalls of cryptographic agility https://www.imperialviolet.org/2016/05/16/agility.html …
New conversation
depends entirely on the time horizon you're building for
@bradarkin I saw some backlash about agility from djb. Preference was to deprecate the protocol over swap ciphers.
you can see that general preference in most of his code, eg NaCl. I guess you can call me an "agility skeptic."
I guess DNSCurve would have been a better example.
Anyway, only point was maybe not rushing to agility in all situations since it doesn't come "free" in reality.
End of conversation
New conversation
but totally agree that smart defaults for dev consumers of APIs and avoiding presenting end users with any choice at all makes sense
designing & impl code now with the understanding that today's smart algo choice will not forever be the right choice seems smart
good luck with removing SHA1 otherwise
I first heard the phrase "crypto agility" in context of MSFT SDL. Goal was to avoid hard coding MD5 with no recourse to swap later
the real reasons are 1) be ready for advances in crypto (e.g. sunset sha1) 2) address local regulations (China, Russia)
End of conversation