Ask HN: Where to ask for feedback about a cryptography related tool

• scrypt

  15 460 7.0 C

  The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

  

First of all I know that "implementing your own cryptography is bad". However, at some point, one does stumble upon a use-case that is not (well) covered by existing tools.

Now, assuming one has already done his due-diligence and has read (and hopefully understood at least the main ideas of) cryptography related articles / posts / etc. (especially in the area pertaining to what one wants to build), and thus we can assume one is not a complete newbie in this mater, however, nor is he an expert. Basically we can assume he is an "amateur".

Where would one go with his design to ask for feedback about it, in the hope to at least eliminate some weaknesses that one (as a non expert) might have overlooked. (I'm not speaking here about "proofs" or "audits".)

----

More specifically ---- but please let's not get into this right now, this being just an example ---- I'm trying to implement something similar to `scrypt` (the encryption utility, that uses the `scrypt` PBKDF, ) or `age` (), as a replacement to my current solution that relies on GnuPG.

• age

  214 15,298 4.9 Go

  A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

First of all I know that "implementing your own cryptography is bad". However, at some point, one does stumble upon a use-case that is not (well) covered by existing tools.

Now, assuming one has already done his due-diligence and has read (and hopefully understood at least the main ideas of) cryptography related articles / posts / etc. (especially in the area pertaining to what one wants to build), and thus we can assume one is not a complete newbie in this mater, however, nor is he an expert. Basically we can assume he is an "amateur".

Where would one go with his design to ask for feedback about it, in the hope to at least eliminate some weaknesses that one (as a non expert) might have overlooked. (I'm not speaking here about "proofs" or "audits".)

----

More specifically ---- but please let's not get into this right now, this being just an example ---- I'm trying to implement something similar to `scrypt` (the encryption utility, that uses the `scrypt` PBKDF, ) or `age` (), as a replacement to my current solution that relies on GnuPG.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project