> On 3 Jan 2016, at 14:12, Jesse V kernelcorn@riseup.net wrote:
>> On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
>> And if we can't use the reference implementation, we have some decent programmers… (On the other hand, if there's no reference implementation, then that makes it hard to recommend that particular crypto scheme.)
> That sounds pretty close to a "roll your own crypto" idea, which as I'm sure you know is almost always a poor idea. Classical algorithms like RSA and Diffie-Hellman are ~40 years old but they have many side-channels and are still hard to implement correctly. There are so many subtleties with ECDHE and ECDSA, with the notable exception of the safer *25519 cryptosystems from djb. Post-quantum cryptography is over my head, but considering the pattern and the newness of the field I wouldn't trust any implementation unless it was written or at least vetted by the authors of the respective post-quantum crypto system.

Point taken. It was a bit of a throwaway line, rather than a serious suggestion. tor currently uses external crypto implementations rather than writing our own.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
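The following is an added illustration, not code from this thread or from tor, of the side-channel point Jesse makes about hand-written RSA/Diffie-Hellman: a textbook square-and-multiply loop does extra work only on exponent bits that are 1, so its running time depends on the secret, while a Montgomery ladder with an arithmetic conditional swap does the same work on every bit. It also shows the early-exit byte comparison that leaks how many bytes of a MAC matched, beside the standard library's constant-time alternative. All function names are the example's own; modular multiplications and bytes examined are counted as a stand-in for timing, since Python's big-integer arithmetic is itself not constant-time.

```python
"""Added example (not from the tor-dev thread or from tor's code base).

Why 'simple' RSA/DH and MAC-verification code leaks: operation counts that
depend on secret data. Multiplication and byte counts stand in for timing;
Python integers are not constant-time, so this models the control-flow leak
rather than being production crypto.
"""
import hmac


def naive_modexp(base, exp, mod):
    """Left-to-right square-and-multiply. Returns (result, mult_count).

    The multiply inside the branch runs only for 1-bits, so the count (and
    the timing) reveals the Hamming weight of the secret exponent.
    """
    result = 1
    mults = 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        mults += 1
        if bit == "1":  # secret-dependent branch
            result = (result * base) % mod
            mults += 1
    return result, mults


def ct_swap(swap, a, b):
    """Conditionally swap a and b using arithmetic masking, no data-dependent branch."""
    mask = -swap  # swap is 0 or 1, so mask is 0 or all-ones
    t = mask & (a ^ b)
    return a ^ t, b ^ t


def ladder_modexp(base, exp, mod):
    """Montgomery ladder. Returns (result, mult_count).

    Invariant: r1 == r0 * base (mod mod). Every bit costs exactly one
    multiply and one square regardless of its value.
    """
    r0, r1 = 1, base % mod
    mults = 0
    for i in range(exp.bit_length() - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = ct_swap(bit, r0, r1)
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        mults += 2
        r0, r1 = ct_swap(bit, r0, r1)
    return r0, mults


def naive_equal(a, b):
    """Early-exit comparison. Returns (equal, bytes_examined).

    The number of bytes examined before returning tells an attacker how long
    a matching prefix they have, which is how MAC tags get forged byte by byte.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def ct_equal(a, b):
    """Constant-time comparison from the standard library (hmac.compare_digest)."""
    return hmac.compare_digest(a, b)


def demo():
    """Return the operation counts for two exponents of equal bit length."""
    mod = 497
    # Constructed values: 13 is 0b1101 (three 1-bits), 8 is 0b1000 (one 1-bit).
    return {
        "naive_13": naive_modexp(4, 13, mod),
        "naive_8": naive_modexp(4, 8, mod),
        "ladder_13": ladder_modexp(4, 13, mod),
        "ladder_8": ladder_modexp(4, 8, mod),
        "naive_cmp_prefix3": naive_equal(b"abcd", b"abzz"),
        "naive_cmp_prefix0": naive_equal(b"abcd", b"zbcd"),
        "ct_cmp": ct_equal(b"abcd", b"abcd"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare the counts: the naive exponentiation does 7 multiplications for 13 but 5 for 8, while the ladder does 8 for both; the naive comparison examines 3 bytes for a three-byte matching prefix and 1 byte for none. Real implementations additionally need constant-time big-integer arithmetic and blinding, which is exactly why the thread prefers vetted external implementations.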