[squeak-dev] Re: Crypto, a Villain, and You (was: Re: Re: [Cryptography Team] Re: DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random)

Andreas Raab andreas.raab at gmx.de
Fri Aug 27 15:30:44 UTC 2010


On 8/27/2010 12:51 AM, Casey Ransberger wrote:
> I also think that crypto vetted by such a small community is extremely
> *dangerous*, if just because new users might confuse it with the much
> more well-vetted platform crypto that most programming systems make use
> of (I'm ill-educated here, so forgive me if I'm totally ignorant of
> something critical; I hope that WithPrimitive means "hooks into platform
> crypto," not "goes faster.")

Yes, you are a bit ill-educated :-) First, the actual crypto algorithms 
(hashing, signing, encrypting, key exchange) are very small, very well 
documented and very easy to test. There are reference implementations 
and tests for all of them and it's virtually impossible to implement one 
of these algorithms wrongly and yet pass these tests.

"With primitive" in this context really means "goes faster" not "hooks 
into the platform" for precisely the reasons above. You will find that 
if you look at systems like Python and others that they do include their 
own implementation of these algorithms for precisely the same reasons.

Lastly, I'm not aware of *any* attack that has ever been used against a 
"wrong implementation" of some part of the core crypto code. Some 
algorithms have been broken entirely (such as MD2 or MD4) but generally 
when we hear about attacks, they're not in the simple crypto parts but 
rather include attacks against certificates, encodings etc. In 
particular certificate encoding and verification appears to be a prime 
vector for attacks. But MD5? SHA1? Not likely.

Cheers,
   - Andreas
