16. Where cryptography fails and final words


This chapter covers:

  • The places where issues arise when cryptography is being used.
  • The mantras to follow to bake good cryptography.
  • The dangers and responsibilities of being a cryptography practitioner.

In this book, you’ve acquired a sense of the theory and how it maps to the real world. What’s left is for you to actually apply it. To do this, I would expect you to go through a series of steps similar to these:

  1. You’d find out which protocols and/or cryptographic primitives are relevant to your setting or your problem.
  2. You’d try to find out whether you can use already-existing implementations to build a solution into your application or system.
  3. Perhaps no good implementation already exists, and you’d be confronted with the inevitability of implementing the protocol yourself, hopefully following a specification.

In this chapter, I talk about what can go wrong in any of these steps, as someone who seeks to bridge the gap between theory and practice will meet a multitude of challenges.

16.1 Is this the right protocol? Formal verification to the rescue

16.2 You’re doing it wrong… About usable security

16.3 Be boring and polite, a few mantras of cryptography

16.4 Cryptography is not an island

16.5 Your responsibilities

16.6 Summary