Towards A Crowd-Sourced Cryptographic Knowledge Base (U31b)
Incorrectly deployed cryptography remains a scourge in cyberspace, and we identify recent hacks and breaches related to this problem. We believe that one source of such incorrect deployment stems from a breakdown between academia and industry; that research results are not being translated into practical guidance for those “in the trenches.” In response, we introduce a “Cryptographic Knowledge Base” to bridge this gap by providing concrete instruction on algorithms, key sizes, and other configuration parameters. In contrast to much of current cryptography documentation, this project focuses on “actionable intelligence” that can be immediately useful to developers, IT administrators, and managers. The design is also iterative, starting with high-level directives at entry-point pages followed by increasing technical complexity as the user navigates down the levels of the tree. The final key aim of this project is a vibrant community that drives the Cryptographic Knowledge Base forward in terms of both accuracy and content. Accordingly, even though we are still very much in experimental design stages, we welcome involvement and input from the world-wide IT community.