En why I don’t touch crypto explican un par de buenas razones para no tratar de inventar nada relacionado con la criptografía. Un buen recordatorio:
La generación de números (seudo)aleatorios es un problema difícil y hablan
de un fallo:
Last week’s issue in the random number generator in Cryptocat is a very good example.
The bug was an off-by-one error in their random number generator. The output of the function was still random numbers, looking at the output would clearly show random numbers. Given that fact, the natural bias for seeing code as being correct is only reinforced.
Comprender los conceptos no es suficiente, es muy fácil equivocarse:
I’m just plain not good enough. Crypto is a world where understanding the concepts, understanding the math and writing tests just isn’t good enough.
Mbpfernand0's Blog 