Security Tip: Don't Roll Your Own Crypto!
[Tip #103] It's story time! Let's look at the SHA-3 competition as a reminder that crypto is hard... 😱
There is a very well-known saying in the security industry:
"Don't roll your own crypto!"
Which basically means: cryptography is hard, so it is incredibly easy to overlook something and leave a weakness that is just waiting to be exploited.
This is why it's sitting at #4 on my Audits Top 10. It's so easy to get wrong, and I often see folks getting it wrong during audits, in a number of subtle and less-than-subtle ways.
But rather than talk about one of those, many of which I've covered before, today I'm going to tell you a short story that my partner was told by one of her lecturers at university, back when she was studying Electronic Warfare...
Yes, you read that correctly: my partner studied Electronic Warfare at university. She was working for the Australian Department of Defence on Submarines at the time... and that's all I can tell you... 🤐
But back to her university course! One of the subjects was cryptography, where they were taught how to do basic cryptography by hand, among other things. Her lecturer was telling the story of SHA-3, which is the latest iteration of the SHA (Secure Hash Algorithm) family.
As a quick background, SHA-1 is pretty well known, but is no longer considered secure. SHA-2 (you'll know it as SHA-256, SHA-512, etc.) was the replacement, designed by the NSA (National Security Agency) and published by NIST (National Institute of Standards and Technology) in 2001. Now, while SHA-2 is still considered secure, it may be broken in the future, so in 2007 NIST launched the NIST hash function competition to find a new, structurally different hashing algorithm to be known as SHA-3.
To cut a long story short, cryptographers from all over the world gathered for the competition and developed their best hashing algorithms. A lot of incredibly smart people came up with algorithms they considered to be secure.
They had 51 algorithms for round 1 of the competition (64 were submitted; 51 met the entry requirements).
Only 14 made it to round 2.
37 hashing algorithms, developed by cryptographers and submitted as candidates for SHA-3, did not survive the first round: many were broken outright or were found to have "substantial cryptographic weaknesses".
Only 5 of those 14 (BLAKE, Grøstl, JH, Keccak and Skein) made it through round 2 to be finalists.
In the end, Keccak was chosen in 2012 to be SHA-3, and it was standardised as FIPS 202 in 2015.
Although I was unable to find proof, my partner's lecturer told the story that one of the submitted algorithms was cracked by another cryptographer who only needed pen and paper to manually check and identify the weaknesses in the algorithm. The weakness was that obvious, except to the folks who built it, who were too deep in the complexities to notice the flaws.
Cryptography is hard, so trust the standards and best practices, and don't roll your own.
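To make the moral concrete, here is an added example that is not part of the original post and is not the competition entry from the lecturer's story (which the post cannot identify). It pairs a toy "roll your own" hash, constructed for this example only, with the pen-and-paper attack that breaks it, and with the standard-library SHA3-256 (Keccak) call that should be used instead. The toy hash, the `second_preimage` derivation and the sample message are all assumptions made up for illustration.

```python
"""Why home-made hashes fall to pen-and-paper analysis.

The toy hash below is constructed for this example. It is NOT the SHA-3
competition entry from the story and NOT something anyone should deploy.
It looks like it mixes its input (rotate, XOR, IV, finalisation constant),
but every step is linear over GF(2), so its output differences can be
worked out by hand.
"""
import hashlib

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    """Rotate a 32-bit word left by r bits."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK32


def homebrew_hash(data: bytes) -> bytes:
    """Constructed toy hash: 32-bit state, rotate-by-5 then XOR each byte.

    Rotation and XOR are both linear over GF(2), so for equal-length inputs
    H(a ^ b ^ c) == H(a) ^ H(b) ^ H(c). The IV and the final constant only
    add a fixed offset; they do not hide that structure.
    """
    state = 0x9E3779B9                      # arbitrary IV (just a constant)
    for b in data:
        state = _rotl32(state, 5) ^ b
    state ^= 0xDEADBEEF                     # 'finalisation' adds another constant
    return state.to_bytes(4, "big")


def second_preimage(msg: bytes, i: int) -> bytes:
    """The pen-and-paper attack on homebrew_hash.

    Bit k of message byte j ends up at state bit (k + 5*(n-1-j)) mod 32.
    Byte i is rotated five more positions than byte i+1, so bit 0 of byte i
    and bit 5 of byte i+1 land on the same state bit and their flips cancel.
    Returns a different message of the same length with the same hash.
    """
    if not 0 <= i < len(msg) - 1:
        raise ValueError("need bytes i and i+1 inside the message")
    out = bytearray(msg)
    out[i] ^= 0x01
    out[i + 1] ^= 0x20
    return bytes(out)


def is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    """Return True if H(a ^ b ^ c) == H(a) ^ H(b) ^ H(c): the tell-tale of an
    affine hash. Inputs must be the same length."""
    if not len(a) == len(b) == len(c):
        raise ValueError("inputs must have equal length")
    abc = bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
    h = lambda m: int.from_bytes(homebrew_hash(m), "big")
    return h(abc) == h(a) ^ h(b) ^ h(c)


def sha3_256_hex(data: bytes) -> str:
    """The standardised alternative: SHA3-256 (Keccak) from Python's hashlib."""
    return hashlib.sha3_256(data).hexdigest()


def demo():
    """Forge a second message for a constructed sample and compare both hashes."""
    msg = b"transfer 100 USD to account 4242"   # constructed sample input
    forged = second_preimage(msg, 9)
    same_homebrew = homebrew_hash(msg) == homebrew_hash(forged)
    same_sha3 = sha3_256_hex(msg) == sha3_256_hex(forged)
    return forged, same_homebrew, same_sha3


if __name__ == "__main__":
    forged, same_homebrew, same_sha3 = demo()
    print("forged message:", forged)
    print("homebrew hash collides:", same_homebrew)   # True: broken by hand
    print("SHA3-256 collides:     ", same_sha3)       # False
```

The attack needs no computer: once you notice that every operation is XOR or a rotation, you can write down which input bits cancel. Real competition entries were far more elaborate than this toy, and still fell to the same kind of careful reading by outsiders, which is exactly why the standardised primitive from a maintained library is the right choice.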