Larry Osterman's WebLog

Confessions of an Old Fogey

Should developers learn crypto?

Over the weekend, Paul Maher posted an article in which he asked if developers needed to understand cryptography.

I responded in his comments, but it needs a bit more detail than I provided in the comments.

I'm all for developers learning about crypto.  But developers also need to understand that it's all well and good for them to understand crypto, as long as they don't ever actually attempt to IMPLEMENT crypto.

Because if they do attempt to implement crypto, they're going to get it wrong.

There have been WAY too many examples of this.  From the initial Microsoft PPTP implementation, to Netscape's SSL implementation (I can't find the reference right now, but the original Netscape SSL implementation used an easily discovered initialization vector which rendered the encryption essentially useless), to the authentication scheme for Dark Age of Camelot, the list goes on.  All of the above issues have long been fixed, but that doesn't matter, because they all share a common flaw.

The root cause of each of these failures was a developer that thought they understood crypto but didn't REALLY understand it.

Whenever a developer decides that they can implement crypto, they need to stop and rethink what they're doing, because they ARE going to get it wrong.

It makes sense for a developer to understand the relative strengths and weaknesses of different crypto solutions, to understand why SHA-1 is better than MD5, etc.

But developers also need to understand that doing cryptography right requires special skills that most developers don't have.

Instead of attempting to roll their own crypto, they should rely on the cryptographic solutions that are built into the platform (CryptoAPI is your friend).  If you stick to existing implementations, you're less likely to mess it up.

And whatever you do, don't attempt to roll your own authentication scheme - for every way you can mess up crypto, there are a dozen ways you can mess up authentication.  See this wonderful dialog (I've referenced it before) for an example of the kind of pitfalls you can hit designing an authentication system.

So it makes sense for a developer to LEARN crypto.  But developers shouldn't believe that they can IMPLEMENT crypto.  Because (with very few exceptions) they can't.

So feel free to learn about crypto - there's a lot of great stuff there.  I highly recommend Simon Singh's "The Code Book" (or the YA version of the same book).  And of course Schneier's Applied Cryptography is a classic.

But recognise that just because you've read a couple of books about cryptography, in general you're not competent to actually implement cryptography.


  • Another in agreement - at some point you're going to need to know some basics about crypto and its applications. But please don't roll your own. I'm very green but I've already seen crappy broken handrolled versions of crypto algs that don't produce the correct ciphertext.

    Of course this means these broken implementations can't be replaced with correct ones. Don't do this.
  • I see the comment against PPTP, so your recommendation is L2TP then, for VPN?
  • As far as I know, there are no issues with PPTP, and there should be no issues with its use.

    The original PPTP version was developed by developers, not cryptographers. Then we had the cryptographers review the protocol and found problems. So we fixed them. Bruce Schneier reviewed the V1 of the protocol and found the same issues we had found. The only current complaint that Schneier has about the protocol is that it's as secure as the user's password - if the user has a strong password, it's ok, if they don't, it's not.

    Mike, rand() isn't cryptographically secure. To my knowledge, no C runtime library's version of rand() is cryptographically secure.

    If you want crypto-grade random numbers, try CryptGenRandom().
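The following program is an added example and is not code from the original post or from any of the commenters. It illustrates two points made on this page in one place: the body's advice to rely on the platform's own cryptographic facilities rather than hand-rolled ones, and the comment above that the C runtime's rand() is not cryptographically secure. rand() is a deterministic generator: anyone who learns (or guesses) the seed can regenerate every value it produced, which is fatal for session tokens, nonces or keys. The platform CSPRNG has no seed to replay. The comment names CryptGenRandom() for Windows; this example assumes a POSIX build host and reads /dev/urandom instead, which is the equivalent facility there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Added example, not part of the original page.
 * Assumes a POSIX host where /dev/urandom is the OS CSPRNG; on Windows
 * the comment above points at CryptGenRandom() for the same purpose. */

#define TOKEN_LEN 16

/* The pattern to avoid: a "session token" derived from rand().
 * Real code usually seeds with time(NULL), which an observer can narrow
 * down to a handful of candidates. */
void weak_token(unsigned seed, unsigned char *out, size_t len)
{
    srand(seed);
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Returns 1 if two tokens built from the same seed are identical, i.e.
 * the whole token is a function of the seed and nothing else. */
int weak_token_is_reproducible(unsigned seed)
{
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    weak_token(seed, a, sizeof a);
    weak_token(seed, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* The pattern to use: ask the operating system's CSPRNG for the bytes.
 * Returns 0 on success, -1 if the device could not be read in full. */
int os_random_bytes(unsigned char *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Returns 1 if two successive OS-sourced tokens differ (there is no seed
 * for a caller to replay), 0 if they collide, -1 on read failure. */
int os_tokens_differ(void)
{
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    if (os_random_bytes(a, sizeof a) != 0 || os_random_bytes(b, sizeof b) != 0)
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned seed = (unsigned)time(NULL);
    printf("rand()-based token reproducible from its seed: %s\n",
           weak_token_is_reproducible(seed) ? "yes" : "no");
    printf("OS CSPRNG tokens differ between two calls:    %s\n",
           os_tokens_differ() == 1 ? "yes" : "no");
    return 0;
}
```

The first function is kept only to make the failure concrete; the defensive takeaway is the second one: treat anything that must be unguessable as a job for the platform CSPRNG, and never for the C library's rand().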
  • I can't agree with you more Larry. The best way to go about these kind of things is to understand what you are implementing (and why) and then use what the experts build for you.

    I wrote something similar to this a while ago concerning multithreading here:

    Hope the URL doesn't get shredded...