Philosophy
This software is being developed with a different philosophy than many other recently-launched cryptographic tools. We would like to describe the philosophy to you here.
We are generally focusing on being good at the fundamentals of cryptography, and this tool is being designed as a study of the fundamentals so we can improve our skills in this area. We feel that without mastery of the fundamentals we cannot build higher-level systems like the Cryptosphere. Only when we are confident in our ongoing mastery of the fundamentals will we pursue higher-level systems built on these fundamentals.
These fundamentals include:
- Knowing and Performing Attacks: we believe a comprehensive understanding of cryptography is only possible with knowledge of the attacks, and that knowledge is best garnered empirically by performing attacks
- Designing Cryptosystems: we should know how authenticated encryption modes work well enough to design them ourselves and create cryptosystems that can stand the scrutiny of professional cryptographers. That said...
- Leveraging Professional Cryptographers' Work: while we feel it's important to have the skills to design our own authenticated encryption modes successfully, we also understand that we should not be using homebrew cryptosystems in practice. This is because there are professional cryptographers who spend their entire lives thinking about these problems, and they can do a much better job than we can at composing cryptographic primitives.
"Most codes were designed by dilettantes and amateurs with no grasp of the underlying mathematics. It is really quite pitiable." -- Neal Stephenson / Cryptonomicon
Many recently-introduced cryptographic tools try to differentiate themselves by introducing some novel cryptographic scheme or other new element that sets them apart from the crowd. They often ship their software and start announcing what they've done to the world, only to receive a big backlash from the cryptographic community.
We want to build boring cryptosystems. When a professional cryptographer audits our code, we want them to yawn. We want to reduce the amount of crazy in our code to as close to zero as possible.