Bruce Schneier says “Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.” (read original)
What this means is that the theory behind something — in this case encryption using “hard” mathematics — may be very good, but the implementation can be full of “gotchas” — errors, omissions, faults — and that‘s what will get you in the long term. He was specifically commenting on Edward Snowden’s revelations about the US National Security Agency and whether they can read all encrypted messages, but it can apply to many other software endeavors.
If you’re thinking of writing some software whose function is critical, and especially if lives depend on it, you have to be extremely careful with your implementation. And Open Source is a big plus because other eyes can look at your code and spot mistakes that you, as author, are likely to overlook.
So whatever you’re working on, be very, very careful with the implementation.
Leave a Reply