This question is aimed at both developers and consumers. The role I fulfil is strictly cryptanalytical; that is, when I work on a project, I conceptualize what the security infrastructure should look like, from a cryptographic standpoint, but the developers ultimately implement this conceptualization of mine. Oftentimes, when I’m brought onto the project, there is already an infrastructure in place, and nine times out of ten, it’s insecure, because it’s either missing something or doing something wrong. I’m in the process of writing a rather large series on this, but that’s all the details I’m relinquishing for now. 😉
Anyhow, my question is this. As a developer, what types of goals do you try to achieve, cryptographically? I know this is context-dependent, but at the bare minimum, what do you feel is sufficient, for preserving confidentiality and integrity? As a consumer, what do you look for in a cryptographic solution? What characteristics are deciding factors?
Okay, so one question turned into four. Oh well. Hehe. I ask because I’ve noticed a lot of falsified stigmas and misconceptions that lead to developers falling short and consumers looking for the wrong things. An ongoing interest of mine is learning more about why cryptography fails so often at the implementation level, and why some bad cryptographic products are able to gather a large fan base. More importantly, I’m learning for the sake of suggesting ways to mitigate the effects of these issues, and in some cases, avoid them altogether.
Thanks in advance, and a great Thursday to y’all from the Carolinas!