Profile picture
Colm MacCárthaigh @colmmacc
, 18 tweets, 4 min read Read on Twitter
New week, new mini-thread! This one is to say that if you are a software developer, or aspire to be one, you should absolutely get into writing cryptography. Now is a really great time to do it. Here's why, and here's how ...
First off: there's a trope out there that cryptography is for geniuses only. That you have to be one of the smartest people in the universe. That you have to be amazing at math. Anything less than that and you should steer clear. This is GARBAGE NONSENSE.
Writing good cryptographic code, and even understanding cryptography to a good level, is no harder or special than other kinds of programming. Personally, I find UI programming, writing an app, or even figuring out basic CSS more daunting.
Cryptography is a security boundary, and it can be impenetrable, so it gets a lot of hype and mistakes can have a high perceived cost, but once you get a millimeter into the field, a lot of that melts away.
It's true that single line errors, even one-letter typos, or subtle mistaken combinations of otherwise perfectly fine algorithms can result in security problems. And because the error "seems" so small and simple, you can look a bit like an idiot, and immature folks will run that.
But NOBODY ... NOBODY worth respecting thinks that. What's more is that these errors tend to break things at the margins. There are layers of defense. The bomb rarely goes boom. It's safer than availability engineering IMO.
We are right now at about the golden start of misuse resistant cryptography. Libraries like NACL/libsodium/tink are a basic reckoning that cryptography has to be safe for mortals to use. That makes humble mortals the PERFECT people to be involved writing it.
And there's not too much to it. You could spend three to five hours a week reading up on cryptography and playing with toy projects and in a month you can fully understand the math behind say RSA, DH, AES, ChaCha20. A few more and you can include EC.
That's a ridiculous return on an investment. Do the CryptoPal challenges at cryptopals.com. Complete those! Unbelievably employable, Big shortage of people like that, probably forever.
The key to all this is to find a team that does have some experts, who can review your work and give you feedback and a safety net. Feel free to contribute to github.com/awslabs/s2n , we'll absolutely help you! I know other projects are welcoming too.
... which is another thing. The Cryptography world, and security more broadly, is mostly super friendly, nonjudgmental and on the side of the oppressed. It's an awesome community to be in.
O.k. back to some why's. So misuse-resistant cryptography is taking off. Great time to surf the wave. But there's more coming! Securing data against post-Quantum threats is going to keep us all busy for the next 10 years minimum.
Secure end-to-end cryptography is becoming table-stakes. Everything needs it, everywhere. How many other fields can you say that about?
Some closer stories from my personal experience: at Amazon we hire a lot of people from college into a general-purpose SDE1 role. We've had many such people join one of our crypto-focused teams and absolutely succeed.
If you go through the commits of s2n, you'll find a bunch! And they are absolute *experts* now. It's amazing to watch them dissect things. This stuff is totally doable. It's not magic, forbidden knowledge only for the special few. It's for US!
My own story is littered with being garbage at math. I was a C student in high-school. Same when we did math at university. But getting into Cryptography really changed that. It unlocked a lot of the "why" of math for me, it gave it all a sudden purpose that was super motivating.
... I ended up *teaching* university level math, and I still teach a bit today. I still make mistakes, my numeracy isn't great, and I'm not going to be a mathematician any time soon, but it's gratifying to at least be competent. Thanks to Cryptography!
Final tweet: Don't be discouraged by the intimidating appearance, find a team and spend a few hours a week on it, and get stuck in. If you do it now, it's really really good timing, and you can make LOTS of money. Also: we're hiring.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Colm MacCárthaigh
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @colmmacc see all

Profile picture
Another year, another bit closer. I'll never stop being amazed at just how bad Google is at AI and what they'll throw out there!
These lyrics composer and category errors have persisting for 8 years now, that I've been tracking. I give feedback every time I see one.
Previously:

, ,
Read 3 tweets
Profile picture
Last tweet thread of the year is a meta-one! I'm going to round up the most popular tweet threads I've done. Coming in at number 1: the most popular, by far, was all about how to generate and use random numbers safely.
Number 2: all about the quirks and delight of the modern Irish presidency. Éire Abú!
Number 3: All about TLS1.3 and why it's better:
Read 12 tweets
Profile picture
Very serious question: Are there AWS services that you think are missing? What new infrastructure, security, or data service would you most like to see us build? Here's why I'm asking ...
Every 5 years or so I look around and try to pick an area to work on, and then commit and persist. 10 years ago it was to build our edge: CloudFront, Route 53, and anti-DDOS. 5 years ago I moved to ELB and ended up building VPC Networking, HyperPlane, TLS, Cryptograpy and more ..
Time for another look around! I have some ideas myself already, mostly crazy, I'm curious about thoughts and suggestions from folks here.
Read 3 tweets

Related threads

Profile picture
Very Brief Introduction to the Blockchain Technology #Thread
Before I proceed, please note, I do not have formal training on the subject matter. The knowledge is from research and thousands of blockchain articles I have ghostwritten. Hence, feel free to chip in your bit. The world is tending towards disruptive technologies, let's join.
In recent times, particularly between 2009 and now, the blockchain technology has continued to attract attention. Let's go back to 1990 when the internet was made public, the truth is that the technology at the time was faced with a lot of criticisms & skepticism, to the extent
Read 28 tweets
Profile picture
La climatologue (ex cheffe du département climat de Georgia Tech) @curryja publie une analyse détaillée des projections de hausse de niveau des mers #Mini #Thread

curryja.files.wordpress.com/2018/11/specia…
Ce rapport lui a été commandé par des clients directement concernés, dont des assureurs. C'est un boulot sérieux produit pour le compte de gens très sérieux.
Les conclusions:
- Toutes les conclusions sont à regarder avec circonspection car la qualité des données de niveau des mers est moyenne.
Read 7 tweets
Profile picture
Mini #Thread - Les gens qui saccagent des Porsche ou similaires oublient que:
Un objet de luxe est un moyen très pacifique de prendre l'argent des riches en jouant sur leur snobisme, et de le redistribuer:
- à des ouvriers
- à des vendeurs
- à des garagistes
- etc,
Bref, tous les salariés participant à la chaine de valeur du luxe, qui sont loin d'être eux mêmes millionnaires, en bénéficient. Le luxe est de ce point de vue un créneau comme un autre.
Qui plus est, l'objet de luxe automobile (mais pas que) permet d'expérimenter des technologies qui, plus tard, trouveront place dans la voiture de M. Tout le monde.
Read 5 tweets
Profile picture
Mini #Thread - Pouvoirs publics: "Mais que faites vous de notre pognon ?" - Exemple du désastre financier annoncé du métro Grand Paris

contrepoints.org/2018/12/02/331…

Par @MPNathalie
Les calculs de la cour des comptes donnent le vertige: La dette consentie pour le MGP ne pourra être amortie qu'en 2084, et les frais financiers cumulés atteindront... 134 milliards, pour un investissement initial estimé (pour l'instant) à 38 Mds...
C'est embêtant, parce que ce genre d'équipement doit être remis à niveau tous les 30 ans environ. Et prendre un crédit supérieur à la durée de vie d'un équipement, ce n'est pas top en terme de gestion.
Read 7 tweets
Profile picture
Mini #Thread Règle numéro 1 du projet foireux:
- Si vous vous rendez compte qu'un projet est tellement foireux qu'il va vous coûter beaucoup d'argent, vous devez l'abandonner, MÊME SI VOUS PERDEZ CE QUE VOUS Y AVEZ DÉJA MIS.
Il vaut mieux abandonner un projet qui vous a coûté, disons, 500 millions, mais risque de vous faire perdre 200 millions par an quand vous y aurez mis 1 milliard, plutôt que de s'entêter.
Bref, quand on se rend compte qu'on s'est fourvoyé, il faut l'assumer.
Application pratique: si le gouvt a des éléments pour penser que le prélèvement à la source est pour lui un risque majeur, alors il DOIT l'abandonner, même si cela fera rire de lui. /fin
Read 3 tweets
Profile picture
#New PA cong. map increases D chance of winning the House majority by 4%. They only need a 6.8% generic ballot margin now (down from 7.7) to be favored.

Diff. will be closer to 10% in Nov when uncertainty from polls is ⬇️. Redraw is a very big deal.

One major reason the new PA map is such a big gain for Democrats is that it solidifies, not just tips, PA districts in Philly burbs. Also creates one additional vulnerable R district. (Easily seen in this map made by @JMilesColeman)
My forecasting model will have new PA map in the near future. This is not just a simple switch; it’s a coding redesign, restructuring of input, & drawing new geographic files. Takes a while (for me, a student).

In the meantime, just add 3-4% to the model: bit.ly/2018_house
Read 4 tweets

Trending hashtags

#AIPAC #ABD #RepublicanConServative #GrossOilgarchalProfiteers #SaudiArabia #DemocracyIsOnADefibrilllator #GOPlatform #Business #UN #RescueDemocracy #WhiteSheetsAndHoods #DemocracyIsOnADefibrillator #Behavioralpsychology #DataIntegration #KKKavanaughSexualViolenceVictim #Content #RightsLivesAndDemocracyAtRisk #Oil #KKKorruptSCotUS #SocialMediaMarketing #Kingdom #FemaleGOPutriDepravity #GOPtWmPutinCoupPolitics #bias #bitcoin

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!