Crypto Done Right, One Year In. Lessons Learned and Next Steps (U22a)
Crypto Done Right (https://cryptodoneright.org) is a research project under development at Johns Hopkins funded by a grant from Cisco. We introduced the project at ICMC 2018. The goal of the project is deceptively simple: to provide the IT community with best practices for practical crypto deployments. After a year of development, we have achieved many of our goals along with a wealth of lessons learned in the process. Most importantly for us, and for the cryptography community, we have established beyond all doubt just how significant the divide is between cryptographers and users and how critical our project is to bridging the gap.
We will review and discuss design choices of the currently posted content, as well as feedback we have received from the cryptography community. In particular, some cryptographers haven’t fully appreciated that the content is not directed at other cryptographers. Others have not understood the need to discuss outdated and dangerous algorithms that should have been long since retired but are still in use. From a certain point of view, outdated algorithms (and getting them safely retired!) are actually of higher priority to our project than the up-to-date, recommended algorithms.
Our on-going goal is to engage communities, such as the Cryptographic Module Community, in developing the content of the website and using it to help educate the wider technology world about correct cryptographic deployments.