On Thu, Jun 16, 2022 at 11:20 AM an2qzavok <an2qza...@gmail.com> wrote: > >do not roll your own crypto > I believe this refers only to inventing your own algorithm, just > writing your own implementation of existing and tested algorithms is > fine.
I've heard it in both contexts. The more popular context I've heard it said in is re-writes. I presume because they're more approachable. What I've understood from industry as the basis for this is that you may forgo protections in your re-write that you didn't understand or recognize, but are necessary. Efforts towards side-channel resistance in the original library may be written off as bloat. My stance is do what ever makes you happy and betters your understanding, but make it easily discernable which projects are tested to be hardened and which are not. Telling people not to do something, or convincing them you are the only one capable usually stems from weakness. > Though, is encrypted root partition even desirable? > Since it only keeps your data safe when your machine is powered off, I > always thought of system disk encryption as snake oil at worst and at > best just not worth the effort. I've been saved on many occasions by not having an encrypted drive and being able to side-load my fs. On Thu, Jun 16, 2022 at 11:20 AM an2qzavok <an2qza...@gmail.com> wrote: > > >do not roll your own crypto > I believe this refers only to inventing your own algorithm, just > writing your own implementation of existing and tested algorithms is > fine. > > Though, is encrypted root partition even desirable? > Since it only keeps your data safe when your machine is powered off, I > always thought of system disk encryption as snake oil at worst and at > best just not worth the effort. >
