Ask HN: Where to ask for feedback about a cryptography related tool

8 points

5 years ago

First of all I know that "implementing your own cryptography is bad". However, at some point, one does stumble upon a use-case that is not (well) covered by existing tools.

Now, assuming one has already done his due-diligence and has read (and hopefully understood at least the main ideas of) cryptography related RFC's / papers / articles / posts / etc. (especially in the area pertaining to what one wants to build), and thus we can assume one is not a complete newbie in this mater, however, nor is he an expert. Basically we can assume he is an "amateur".

Where would one go with his design to ask for feedback about it, in the hope to at least eliminate some weaknesses that one (as a non expert) might have overlooked. (I'm not speaking here about "proofs" or "audits".)

----

More specifically ---- but please let's not get into this right now, this being just an example ---- I'm trying to implement something similar to `scrypt` (the encryption utility, that uses the `scrypt` PBKDF, <https://github.com/Tarsnap/scrypt>) or `age` (<https://github.com/FiloSottile/age>), as a replacement to my current solution that relies on GnuPG.

6 comments