Hacker News

Isn't the solution to have crypto libraries abstract away the exact crypto algorithm used? Say it provides a collection of symmetric key algorithms without letting the users pick which algorithm is used. This way the library can update and prohibit algorithms deemed insecure, and the user doesn't have to worry about it.
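One way to build the kind of library this comment describes, as an added example that is not code from the original thread or from any real library: the caller gets only seal()/open_(), the library owns a version-to-algorithm table, and a retired version can still be opened (for migration) but never used to seal new data. The version byte, token layout and the HMAC-in-counter-mode stream cipher are assumptions made here so the example runs on the Python standard library alone (which has no AES); a real library would put an AEAD such as AES-GCM or ChaCha20-Poly1305 behind the same interface.

```python
import hashlib
import hmac
import os

# Library-owned policy table (constructed for this example; not any real library's format).
# The caller never names an algorithm; it only calls seal()/open_().
# "current" versions may seal and open; "legacy" versions may only open, so existing
# tokens can be re-sealed under the current version before the entry is deleted.
_VERSIONS = {
    0x01: ("sha1", "legacy"),      # retired: kept for migration only
    0x02: ("sha256", "current"),
}
_CURRENT_VERSION = 0x02
_NONCE_LEN = 16


def _subkeys(key, version, hname):
    """Derive separate encryption and MAC keys, bound to the version byte."""
    enc_k = hmac.new(key, b"enc" + bytes([version]), hname).digest()
    mac_k = hmac.new(key, b"mac" + bytes([version]), hname).digest()
    return enc_k, mac_k


def _keystream(enc_k, nonce, length, hname):
    """HMAC in counter mode as a stand-in PRF-based stream cipher (assumption: stdlib has no AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_k, nonce + counter.to_bytes(4, "big"), hname).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _seal_with_version(key, plaintext, version):
    """Internal: seal under an explicit version (used by seal() and by migration tests)."""
    hname, _status = _VERSIONS[version]
    enc_k, mac_k = _subkeys(key, version, hname)
    nonce = os.urandom(_NONCE_LEN)
    header = bytes([version]) + nonce
    ciphertext = _xor(plaintext, _keystream(enc_k, nonce, len(plaintext), hname))
    tag = hmac.new(mac_k, header + ciphertext, hname).digest()   # encrypt-then-MAC
    return header + ciphertext + tag


def seal(key, plaintext):
    """Public API: the library, not the caller, picks the algorithm (always the current version)."""
    return _seal_with_version(key, plaintext, _CURRENT_VERSION)


def open_(key, token, allow_legacy=True):
    """Verify and decrypt a token; legacy versions are refused when allow_legacy is False."""
    version = token[0]
    if version not in _VERSIONS:
        raise ValueError("unknown token version %d" % version)
    hname, status = _VERSIONS[version]
    if status == "legacy" and not allow_legacy:
        raise ValueError("token uses a retired algorithm")
    tag_len = hashlib.new(hname).digest_size
    header = token[:1 + _NONCE_LEN]
    ciphertext = token[1 + _NONCE_LEN:len(token) - tag_len]
    tag = token[len(token) - tag_len:]
    enc_k, mac_k = _subkeys(key, version, hname)
    expected = hmac.new(mac_k, header + ciphertext, hname).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return _xor(ciphertext, _keystream(enc_k, header[1:], len(ciphertext), hname))


def try_open(key, token, allow_legacy=True):
    """Convenience wrapper: plaintext on success, None on any failure."""
    try:
        return open_(key, token, allow_legacy)
    except (ValueError, IndexError):
        return None


def migrate(key, token):
    """Re-seal a legacy token under the current version; the legacy entry can then be dropped."""
    return seal(key, open_(key, token, allow_legacy=True))
```

The design point is that deprecation happens in one table the library controls: flipping a version to "legacy" stops new data from using it without breaking reads, and deleting the entry after migration removes the algorithm entirely. Tokens carry no algorithm name the caller could tamper with, only a version byte that is itself covered by the MAC.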



Algorithm agility is a feature of most cryptographic protocols, and it is hard to do well. https://tools.ietf.org/html/rfc7696


Why is it difficult? TLS 1.3 has a much smaller set of cipher suites than previous versions. Does that help?


The reason for that is that there were way too many attacks on earlier TLS versions that used the cryptographic agility to make the victims use poor crypto. The strong crypto was never broken, but the protocol was used to make sure strong crypto never happened.
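The downgrade this comment describes, as an added example that is not code from the original thread or from any TLS implementation: a toy negotiation in which a man-in-the-middle strips the strong suites from the ClientHello so the server, which never saw them, honestly selects the weak one. The same run with a Finished message computed over the full handshake transcript lets the client notice that the server hashed a different ClientHello than the one it sent. The suite names, message encoding and the pre-shared `secret` are assumptions made here; in TLS the Finished key is derived from the key exchange, and the check only holds while the attacker cannot recover that secret, which is one reason TLS 1.3 removed the weak suites rather than relying on transcript binding alone.

```python
import hashlib
import hmac

# Constructed suite names, strongest first; they stand in for a real cipher-suite list
# and are not real IANA identifiers.
CLIENT_OFFER = ["STRONG_AEAD_256", "STRONG_AEAD_128", "WEAK_EXPORT_40"]
SERVER_PREFERENCE = ["STRONG_AEAD_256", "STRONG_AEAD_128", "WEAK_EXPORT_40"]
WEAK = {"WEAK_EXPORT_40"}


def encode_client_hello(suites):
    return b"ClientHello:" + ",".join(suites).encode()


def decode_client_hello(msg):
    return msg.split(b":", 1)[1].decode().split(",")


def choose_suite(offered, preference):
    """Server picks its most preferred suite among those the client offered."""
    for suite in preference:
        if suite in offered:
            return suite
    raise ValueError("no common cipher suite")


def strip_strong_suites(client_hello):
    """Man-in-the-middle rewrite of the ClientHello: keep only the weak suites."""
    weak_only = [s for s in decode_client_hello(client_hello) if s in WEAK]
    return encode_client_hello(weak_only)


def transcript_hash(*messages):
    """Length-prefixed hash over every handshake message, as each side saw it."""
    h = hashlib.sha256()
    for m in messages:
        h.update(len(m).to_bytes(4, "big") + m)
    return h.digest()


def finished_mac(secret, data):
    return hmac.new(secret, data, hashlib.sha256).digest()


def handshake(secret, tamper=None, bind_transcript=True):
    """Return (negotiated suite, whether the client accepted the server's Finished).

    `secret` is assumed to be shared by client and server and unknown to the attacker
    (in TLS it comes from the key exchange). `tamper` is an optional on-path rewrite
    applied to the ClientHello before the server sees it.
    """
    sent = encode_client_hello(CLIENT_OFFER)
    received = tamper(sent) if tamper else sent          # what the server actually sees
    suite = choose_suite(decode_client_hello(received), SERVER_PREFERENCE)
    server_hello = b"ServerHello:" + suite.encode()
    if bind_transcript:
        # Finished covers the whole transcript: server hashes what it received,
        # client hashes what it sent, so a rewritten ClientHello breaks the MAC.
        server_finished = finished_mac(secret, transcript_hash(received, server_hello))
        client_expected = finished_mac(secret, transcript_hash(sent, server_hello))
    else:
        # Finished covers only the server's choice: the stripped offer goes unnoticed.
        server_finished = finished_mac(secret, server_hello)
        client_expected = finished_mac(secret, server_hello)
    accepted = hmac.compare_digest(server_finished, client_expected)
    return suite, accepted
```

Run without tampering, the strongest common suite is chosen and the Finished check passes; with the stripping attacker and no transcript binding, the weak suite is negotiated and both sides are happy, which is the failure mode the comment describes; with transcript binding, the weak suite is still negotiated but the client rejects the handshake.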





