Actually, You Are Rolling Your Own Crypto
The mantra “don’t roll your own crypto” is widely known and accepted amongst programmers, but what does it actually mean? It turns out that such a simple statement is not so simple to follow.
What many people take away from “don’t roll your own crypto” is that they shouldn’t create their own crypto algorithms. This makes sense. After all, most people wouldn’t even know where to start. So, instead of making up an algorithm when they need to encrypt data, an engineer might take on OpenSSL or BouncyCastle as a dependency and pat themselves on the back for using a well-established scheme. What they might not realize is that the algorithms themselves are the first in a series of traps, each of which can have catastrophic effects on the outcomes of cryptography use.
Algorithm selection, algorithm use, and protocol creation are all potential pitfalls that await once you’ve decided not to create your own algorithm. We’ll briefly explain examples of each of these.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23951575/VRG_Illo_STK192_L_Normand_LinaKhan_Neutral.jpg)
