Profile picture
Colm MacCárthaigh @colmmacc
, 18 tweets, 4 min read Read on Twitter
New week, new mini-thread! This one is to say that if you are a software developer, or aspire to be one, you should absolutely get into writing cryptography. Now is a really great time to do it. Here's why, and here's how ...
First off: there's a trope out there that cryptography is for geniuses only. That you have to be one of the smartest people in the universe. That you have to be amazing at math. Anything less than that and you should steer clear. This is GARBAGE NONSENSE.
Writing good cryptographic code, and even understanding cryptography to a good level, is no harder or special than other kinds of programming. Personally, I find UI programming, writing an app, or even figuring out basic CSS more daunting.
Cryptography is a security boundary, and it can be impenetrable, so it gets a lot of hype and mistakes can have a high perceived cost, but once you get a millimeter into the field, a lot of that melts away.
It's true that single line errors, even one-letter typos, or subtle mistaken combinations of otherwise perfectly fine algorithms can result in security problems. And because the error "seems" so small and simple, you can look a bit like an idiot, and immature folks will run that.
But NOBODY ... NOBODY worth respecting thinks that. What's more is that these errors tend to break things at the margins. There are layers of defense. The bomb rarely goes boom. It's safer than availability engineering IMO.
We are right now at about the golden start of misuse resistant cryptography. Libraries like NACL/libsodium/tink are a basic reckoning that cryptography has to be safe for mortals to use. That makes humble mortals the PERFECT people to be involved writing it.
And there's not too much to it. You could spend three to five hours a week reading up on cryptography and playing with toy projects and in a month you can fully understand the math behind say RSA, DH, AES, ChaCha20. A few more and you can include EC.
That's a ridiculous return on an investment. Do the CryptoPal challenges at cryptopals.com. Complete those! Unbelievably employable, Big shortage of people like that, probably forever.
The key to all this is to find a team that does have some experts, who can review your work and give you feedback and a safety net. Feel free to contribute to github.com/awslabs/s2n , we'll absolutely help you! I know other projects are welcoming too.
... which is another thing. The Cryptography world, and security more broadly, is mostly super friendly, nonjudgmental and on the side of the oppressed. It's an awesome community to be in.
O.k. back to some why's. So misuse-resistant cryptography is taking off. Great time to surf the wave. But there's more coming! Securing data against post-Quantum threats is going to keep us all busy for the next 10 years minimum.
Secure end-to-end cryptography is becoming table-stakes. Everything needs it, everywhere. How many other fields can you say that about?
Some closer stories from my personal experience: at Amazon we hire a lot of people from college into a general-purpose SDE1 role. We've had many such people join one of our crypto-focused teams and absolutely succeed.
If you go through the commits of s2n, you'll find a bunch! And they are absolute *experts* now. It's amazing to watch them dissect things. This stuff is totally doable. It's not magic, forbidden knowledge only for the special few. It's for US!
My own story is littered with being garbage at math. I was a C student in high-school. Same when we did math at university. But getting into Cryptography really changed that. It unlocked a lot of the "why" of math for me, it gave it all a sudden purpose that was super motivating.
... I ended up *teaching* university level math, and I still teach a bit today. I still make mistakes, my numeracy isn't great, and I'm not going to be a mathematician any time soon, but it's gratifying to at least be competent. Thanks to Cryptography!
Final tweet: Don't be discouraged by the intimidating appearance, find a team and spend a few hours a week on it, and get stuck in. If you do it now, it's really really good timing, and you can make LOTS of money. Also: we're hiring.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Colm MacCárthaigh
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert is as a PDF, save and print for later use!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!