I posit to you that the reason developers find it hard to do anything related with encryption is not because they’re in the weeds of how the algorithms work. Rather, it’s the confusing barrage of acronyms and standards that all reference each other.
I posit to you that the reason developers find it hard to do anything related with encryption is not because they’re in the weeds of how the algorithms work. Rather, it’s the confusing barrage of acronyms and standards that all reference each other.
@lmika since I know a number of civil servants, this made me laugh... a similar issue with acronyms and standards in government agencies...
@annahavron Oh yeah! I worked in the public service for a spell and they love their acronyms. 😄
@lmika A few times a year I need to deploy keys for SSH. In spite of having notes about how to do so I still find the need to spend an inordinate amount of time studying them to be sure I can get it right. Frankly the tools are ridiculous. What could be “plain english’ for key distribution is instead a bunch of gobbledygook. I think the creators like it that way so they can maintain a “black magic’ aura.
@ronguest Yeah, I agree that the tooling needs to be improved a lot. I groan whenever there's a procedure involving the use of "openssl". As to the maintenance of the "black magic" aura of cryptography: yeah, there might be a bit of that, I don't know. But it does the industry a disservice if that's the case, especially when it's so important for regular developers to know how it all works, even if it's just to recognise when it needs to be applied.