Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://furry.engineer/users/soatok/statuses/113917392479083137">Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 30-Jan-2025 22:17:23 JST</a><a href="https://furry.engineer/@soatok" title="soatok@furry.engineer"><img src="https://gnusocial.jp/avatar/34725-48-20230823231406.webp" width="48" height="48" alt="Soatok Dreamseeker" style="position: absolute; left: 0; top: 0;">Soatok Dreamseeker</a></section><article><p>My job involves auditing and developing cryptographic software.</p><p>Most developers don't understand cryptography.</p><p>Most developers shouldn't ever need to understand cryptography.</p><p>Most users understand it less than developers do!</p><p>A large unwritten part of my job responsibility involves talking developers down from the ledge when they think cryptography is easy.</p><p>Once in a blue moon, I have a conversation that looks like this:</p><p>Dev: "I don't get why more people don't add end-to-end encryption! It was really easy: I broke the plaintext into 256 byte blocks and encrypted them independently with their recipient's RSA 2048-bit public key. I wrote it using BigInts in my computer science class, and it just works."</p><p>Me: "Hey that's horrifying and all but before we get into the details, how do you know which public key to use?"</p><p>Dev: "Oh, I store it in MySQL! The encryption is done in JavaScript, so I never see plaintext."</p><p>Me: [crying inside]</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4477423#notice-8765738">In conversation</a><time datetime="2025-01-30T22:17:23+09:00" title="Thursday, 30-Jan-2025 22:17:23 JST">about 4 months ago</time> <span>from <span><a href="https://furry.engineer/@soatok/113917392479083137" rel="external" title="Sent from furry.engineer via ActivityPub">furry.engineer</a></span></span><a href="https://furry.engineer/@soatok/113917392479083137">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 30-Jan-2025 22:17:23 JST Soatok Dreamseeker
My job involves auditing and developing cryptographic software.
Most developers don't understand cryptography.
Most developers shouldn't ever need to understand cryptography.
Most users understand it less than developers do!
A large unwritten part of my job responsibility involves talking developers down from the ledge when they think cryptography is easy.
Once in a blue moon, I have a conversation that looks like this:
Dev: "I don't get why more people don't add end-to-end encryption! It was really easy: I broke the plaintext into 256 byte blocks and encrypted them independently with their recipient's RSA 2048-bit public key. I wrote it using BigInts in my computer science class, and it just works."
Me: "Hey that's horrifying and all but before we get into the details, how do you know which public key to use?"
Dev: "Oh, I store it in MySQL! The encryption is done in JavaScript, so I never see plaintext."
Me: [crying inside]
In conversationabout 4 months ago from furry.engineerpermalink

Public

Embed Notice

HTML Code

Corresponding Notice