Comment by tptacek
3 years ago
They don't have to (and shouldn't) retain highly skilled mathematicians. Nobody is suggesting that everyone design their own ciphers, authenticated key exchanges, signature schemes, and secure transports. Peer review is good; vital; an absolute requirement. Committee-based selection processes are what's problematic.
Where does the non-cryptographer public find out about the current consensus of the literature? Genuine question.
I guess if I saw what FAANG companies were using to secure their own data that could be an indicator. Though they could be compromised.
I'm just saying, you're speaking as an expert in the field. Let's say you don't want to do design any of that stuff but you need some parts of those systems for the thing you're building. How do you decide what you can or can't trust without having deep knowledge of the subject matter?
Maybe that's it, maybe you can't?
How do you know that Noise is a good design and that a cipher cascade isn't? Whatever (correctly) told you that, apply it to other cryptographic problems.
I see. So maybe what you’re really saying is “why are you writing a system that has cryptographic primitives if you’re not a cryptographer/mathematician?”
6 replies →