Conventional wisdom says, amateurs should not do cryptography: designing ciphers and cryptosystems. However, I'd like to popularize that amateurs SHOULD do cryptanalysis: attempting to break existing ciphers and cryptosystems. I do believe many cryptanalytic breaks, for example, the cache timing side-channel attack or the piling-up lemma, could have been derived by a clever "amateur" with no previous training in cryptanalysis. Practical cryptanalysis, searching for flaws in open-source implementations in cryptographic programs, is very accessible, in fact recommended to any programmer. There is a lot of bad crypto out there, waiting to be discovered.
Of course, after your first cryptanalytic break, you no longer deserve to be called an amateur.
No comments :
Post a Comment