16 When and where cryptography fails

 

This chapter covers

  • General issues you can run into when using cryptography
  • The mantras to follow to bake good cryptography
  • The dangers and responsibilities of a cryptography practitioner

Greetings, traveler; you’ve come a long way. While this is the last chapter, it’s all about the journey, not the end. You’re now equipped with the gear and skills required to step into the real world of cryptography. What’s left is for you to apply what you’ve learned.

Before parting ways, I’d like to give you a few hints and tools that’ll be useful for what follows. The quests you’ll face often follow the same pattern: it starts with a challenge, launching you on a pursuit for an existing cryptographic primitive or protocol. From there, you’ll look for a standard and a good implementation, and then you’ll make use of it in the best way you can. That’s if everything goes according to plan. . . .

16.1 Finding the right cryptographic primitive or protocol is a boring job

You’re facing unencrypted traffic, or a number of servers that need to authenticate one another, or some secrets that need to be stored without becoming single points of failure. What do you do?

16.2 How do I use a cryptographic primitive or protocol? Polite standards and formal verification

16.3 Where are the good libraries?

16.4 Misusing cryptography: Developers are the enemy

16.5 You’re doing it wrong: Usable security

16.6 Cryptography is not an island

16.7 Your responsibilities as a cryptography practitioner, don’t roll your own crypto

Summary
