zlacker

Thread: "Ask HN: What scientific phenomenon do you wish someone would explain better?"
1. memset+tD 2020-04-27 00:33:30
>>qqqqqu+(OP)
Crypto and practical security. I get tired of the circular “don’t roll your own crypto unless you’re qualified”. How does one become qualified? I don’t feel like I know how to evaluate many of the arguments people make for or against technologies people argue about on HN, such as Signal or different password managers. I feel like “security through obscurity” is a bad thing, and “layers of security” are a good thing, but isn’t all security obscuring something, and how does one evaluate whether a layer is adequate? “Just use bcrypt” - okay, help me understand!
2. Eridru+6F 2020-04-27 00:50:14
>>memset+tD
The reason people say not to roll your own crypto is that there is no secret answer to making things secure; we just have smart and creative people bash their heads against a crypto protocol/implementation for a long time and hope we found all the problems.

So unless you have a good reason to do something else, and the budget to pay experienced people to bash their heads against it, you should stick to an implementation that has had this effort expended on it.

If you want an intro about common problems in custom cryptosystems, go look at cryptopals or something, but don't get too cocky that you know everything.
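The "just use bcrypt" question in the first comment and the "common problems in custom cryptosystems" point in this reply, as an added example that is not from either commenter: a homegrown password store beside a vetted one, with the checks a reviewer would run on each. The standard library's PBKDF2-HMAC stands in for bcrypt here (an assumption made so the block runs without a third-party package); the properties being demonstrated are the same.

```python
import hashlib
import hmac
import os

# "Rolled our own": one fast, unsalted hash per password. Looks reasonable,
# but every user with the same password gets the same stored value, and a
# single guess costs one SHA-256 call.
def homegrown_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def homegrown_verify(password, stored):
    return homegrown_hash(password) == stored  # plain == exits on first mismatch

# Vetted shape (what bcrypt/scrypt/Argon2 give you): a random per-user salt,
# a tunable work factor, and a constant-time comparison on verify.
ITERATIONS = 100_000  # work factor; raise it as hardware gets faster

def kdf_hash(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Self-describing record so the parameters can be upgraded later.
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def kdf_verify(password, stored):
    _scheme, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def audit(hash_fn, verify_fn):
    """Two checks a reviewer applies to any password store, whatever it claims."""
    first = hash_fn("correct horse battery")
    second = hash_fn("correct horse battery")
    return {
        # Same password for two users must not yield the same stored value.
        "duplicates_visible": first == second,
        # Verification must still accept the right password and reject a wrong one.
        "verify_works": verify_fn("correct horse battery", first)
                        and not verify_fn("correct horse batter", first),
    }

if __name__ == "__main__":
    print("homegrown:", audit(homegrown_hash, homegrown_verify))
    print("kdf:      ", audit(kdf_hash, kdf_verify))
```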

3. regula+Ur1 2020-04-27 11:36:36
>>Eridru+6F
It's also easy to dramatically underestimate the order of magnitude of effort involved in "the budget to pay experienced people to bash their heads against it".