
Hell Is Overconfident Developers Writing Encryption Code

Sytten

I didn't understand the point he was trying to make about trusting a public key from a remote server. At some point you need to trust some third-party public key if you want to send them encrypted data, and verifying ownership is kinda left to the user. Hell, even Signal does that; who is really checking their contact security numbers to make sure the Signal server didn't send you some bullshit...

tptacek

This is a relatively long post that is kind of beating around the bush: these developers believed that OpenSSL was a trustworthy substrate on which to build a custom cryptosystem. It's not; this is why libraries like Tink and Sodium exist. They don't really need much more lecturing than "stop trying to build on OpenSSL's APIs."

jasonjayr

We were doing an integration with a partner for our customers, and the contact I was working with insisted on using some OpenSSL primitives that were exposed in PHP:

(a) they reversed the public + private parts of the key, and were upset when I communicated the public part of the key in cleartext

(b) they spec'd that the string being encrypted could not exceed 8 bytes...

I tried so very hard and very patiently to explain to them what they were doing wrong, but they confidently insisted on their implementation. To deter fellow devs from trying this, I left loud comments in our code:

> So these guys are totally using RSA Crypto wrong. Though it's a PK Crypto system, they insist on using it backwards, and using signatures to send us encrypted values, and we send encrypted values back to them. It's dumb. I suspect someone read through the PHP openssl function list, spotted RSA_encrypt_private and RSA_decrypt_public and decided to get overly clever.

> This consumes a public key, and uses it to 'decrypt' a signature to recover its original value.

> To further deter use, I will not add additional documentation here. Please read and understand the source if you think you need to use this.
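The "backwards RSA" scheme described in the comment above, as an added illustration that is not code from the thread or from either integration: a toy textbook RSA with constructed, deliberately tiny primes showing that a value "encrypted" with the private key is a raw signature, recoverable by anyone holding the public key, whereas the conventional direction needs the private exponent to recover it.

```python
# Added example, not code from the thread. Toy textbook RSA over constructed
# small primes; real keys are 2048 bits or more and always use padding.

# Constructed toy key: two Mersenne primes keep the arithmetic small.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q                      # public modulus
E = 65537                      # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+ modular inverse)


def private_encrypt(m: int) -> int:
    """What a 'private encrypt' call really computes: a raw, unpadded signature."""
    assert 0 <= m < N, "raw RSA only carries values smaller than the modulus"
    return pow(m, D, N)


def public_decrypt(sig: int) -> int:
    """Needs only (E, N). Anyone who has the public key can do this."""
    return pow(sig, E, N)


def public_encrypt(m: int) -> int:
    """The conventional direction: encrypt under the recipient's public key."""
    assert 0 <= m < N, "raw RSA only carries values smaller than the modulus"
    return pow(m, E, N)


def private_decrypt(c: int) -> int:
    """Recovering the plaintext here requires D, which only the key owner has."""
    return pow(c, D, N)


def max_message_bytes() -> int:
    """Payload cap imposed by the modulus size alone (padding shrinks it further)."""
    return (N.bit_length() - 1) // 8


def demo() -> bool:
    """Constructed 'secret' sent the backwards way; True if the public key recovers it."""
    secret = int.from_bytes(b"cc-1234", "big")
    blob = private_encrypt(secret)        # what the partner called "encryption"
    leaked = public_decrypt(blob)         # no private material involved
    return leaked == secret
```

Raw modular exponentiation is shown only to make the key-direction point visible; for real data use a library that packages the whole scheme, such as the Sodium or Tink APIs tptacek mentions.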

Aeolun

The reason overconfident developers roll their own crypto is because the ‘cryptography experts’ are such asshats about it. Who wants to deal with someone that writes this?

Hell, even identifying which ‘cryptography expert’ actually knows what they’re talking about and which ones are windbags is often more trouble than it’s worth.

MarcelOlsz

>Hell, even identifying which ‘cryptography expert’ actually knows what they’re talking about and which ones are windbags is often more trouble than it’s worth.

If they look like they spent too much time in the sun you can't trust them. This criterion has yet to fail me.

tptacek

I don't love the post either but getting angry about it doesn't make it less right.