Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You felt comfortable implementing AES yourself?


For learning purpose, why not? Taught me a lot more about crypto than I would have by simply reading about it. Of course, it wasn't meant for real-world use. :)


> How comfortable did you feel with AES when you were done with the project? Could you try to put into a sentence or two what you (i) didn't know about using AES before you did the project, and (ii) knew at the end of the project?

Frankly, I didn't know much about AES (or encryption in general) before I started working on the project. My only direct encounter with encryption was ROT13 in IRC channels. I felt that without doing at least some "difficult" task myself, the application would be a lot more easy, and nothing new in it for me to learn. So I read how AES works, and created a small implementation myself.

Afterwards, I had a bit more understanding of all the moving parts of AES. Gained a huge appreciation for the algorithm and security in general. Now that I think about it, I guess you don't really have to implement it yourself in order to understand it, but I did it anyway, because, well, I felt like it.

It was just a toy project tbh. I certainly don't consider myself an expert on the algorithm, and will still trust tried and tested library implementations over my own. But now I know what's going on under the hood.


This is interesting. Thanks for playing along with me.

Can I ask another question? Now that you've implemented the algorithm, would you feel more comfortable employing AES encryption on a future project, or less comfortable?


Is your question specific to AES itself, or just my own implementation? If it's the latter, I'm hesitant to say more comfortable. It's not something you can just implement in a couple days from memory. There's always a chance something might go wrong.

If you mean will I be more comfortable in using the algorithm itself, then definitely yes. At least for the moment. IIRC, there have been some partially successful attacks against AES, but nothing that has managed to break it fully.


How comfortable did you feel with AES when you were done with the project? Could you try to put into a sentence or two what you (i) didn't know about using AES before you did the project, and (ii) knew at the end of the project?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: