Cryptography on Linux

Deployment of Cryptography has NOT Kept Pace with the Net

Almost no "real" products use "real" cryptography. What I mean by this is that the common tools we use daily to get our work done, be they operating systems, applications, file systems, or what have you, do not incorporate good strong cryptography into their basic operation.

Cryptography is almost always an "add-on" feature that is poorly integrated and difficult to use. Rather than make security the default, most developers add security on top of applications and force users to do something extra to take advantage of what cryptography there may be.

Most software development organizations (commercial or otherwise) do not employ cryptographers. Most think that they can "do it themselves". Cryptography looks easier to do that it really is. The results are generally less than sterling examples of secure cryptography.

Often, cryptographic products are hard to use and buggy. This leads users to see cryptography as being in the way of getting jobs done, instead of adding value to the jobs.

People tend to disable security systems to get their work done. They preceive security as something that is getting in their way. When add-on cryptography results in more work and more effort, people will try to avoid the inconvenience. The failure to preceive cryptography as a value add results in its lack of use.