Hacker News new | past | comments | ask | show | jobs | submit login

Just because they don't get things perfect doesn't mean they don't do a much better job than you or I could do.



It is very useful to know how good the state of the art is to get a feel for if you could contribute or not. And I think that the state of the art has been exaggerated and that has discouraged contribution.

We can not just trust that these libraries are higher level esoteric magic that no mortal could understand. It is time to shine light on exactly what guarantees different libraries are providing, and how.


But we also know the state of the art of people who don't really know what they are doing going to write crypto, and that state of the art is "laughable".

You're being pointed straight at the problems discovered by other people. Of course they're obvious to you now. The question is, can you just pick up some OpenSSH code, read it and run it, and find a new problem yourself when nobody is pointing you straight at it? Because I'm sure there's at least one in there for you to find.

(Note I did not ask you if you could find this problem. Too easy to imagine that you can now, too hard to realistically pretend you don't already know about it. I'm asking you about new problems that nobody currently knows about.)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: