Chapter 8. Cryptographic Foibles

Many times I’ve heard statements like, "We’re secure—we use cryptography." The saying in cryptographic circles is, "If you think crypto can solve the problem, you probably don’t understand the problem." It’s unfortunate that so many developers think crypto, as it’s often abbreviated, is the panacea for all security issues. Well, I hate to say it, but it isn’t! Crypto can help secure data from specific threats, but it does not secure the application from coding errors. Crypto can provide data privacy and integrity, facilitate strong authentication, and much more, but it will not mitigate programming errors such as buffer overruns in your code.

In this chapter, I’ll focus on some of the common mistakes people make ...
