Comment on 512-bit RSA key in home energy system gives control of “virtual power plant”
sugar_in_your_tea@sh.itjust.works 2 months agoEh, I disagree. Cryptography really isn’t something your average software engineer needs to know about, as long as they understand that you should never roll your own crypto. If you teach it in school, most students will forget the details and potentially just remember some now-insecure details from their classes.
Instead, we should be pushing for more frequent security audits. Any halfway decent security audit would catch this, and probably a bunch of other issues they have as well. Expect that from any org with revenue above some level.
umami_wasbi@lemmy.ml 2 months ago
At least have few lessons let them remember not to roll their own crypto, and respect those scary warnings. These needs to be engraved into their mind.
sugar_in_your_tea@sh.itjust.works 2 months ago
Security audits should be preventative. Have them before any significant change in infrastructure is released, and have them periodically as a backup.
umami_wasbi@lemmy.ml 2 months ago
At least engrave the concept of “don’t do it ever” won’t hurt, and won’t get outdated anytime soon.
However, this approach will hunt security in the long term as this brings to burden to the lib dev to maintain a foolproof design, which they can burnout, quit, and leave a big vulnerbility in the future as most dev won’t touch the code again if it’s still “working.”
Cybersecurity is very important in today’s digital landscape, and cryptography is one of the pillers.