libhairshirt vs libfootgun

Bombe machine used to crack Enigma ciphertext

 Peter Gutmann, an interesting crypto-academic from New Zealand, has proposed discussing two crypto libraries, libhairshirt and libfootgun:

  •  In libhairshirt, the crypto is hard to use, and the API is hard to use.
  • In libfootgun, the crypto is incredibly hard to use safely but the API makes it look really easy to use.

Gutmann’s comments arose while discussing the relative ease of making mistakes with modern crypto techniques. The discussion took place on the cryptography mailing list. Gutmann says he plans to write more of his observations about this one of these days.

Years ago I tried to write a paper about a company product that used an infamous approach to updating its traffic keys: use the old traffic key to protect the distribution of the new traffic key. I knew the approach was bad, and I tried to admit as much in the paper without sounding critical of our developers. Management decided that the article was too embarrassing to publish. I don’t remember exactly when this happened, but I responded by writing another book about crypto techniques.

In the days of über-hacking I would have just rewritten the offending code over the weekend. It’s annoying to get old (and for your skills to get old).

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.