That's from 10 years ago, so you might be able to find video of a more recent version; try to find a year when Wagner taught, he's great.
So unless you have a good reason to do something else, and the budget to pay experienced people to bash their heads against it, you should stick to an implementation that has had this effort expended on it.
If you want an intro about common problems in custom cryptosystems, go look at cryptopals or something, but don't get too cocky that you know everything.
Even in each of those, there are two "levels" of implementation: specifying an exact algorithm that implements a solution to problem x, and actually producing the code that implements the algorithm.
At some level, there is no ready-made solution to every problem. Even if the foundations are implemented by "somebody else", the line's blurry. At which level of (lack of) expertise and which level of "lowness" of the implementation should I start to worry?
By attacking crypto--a lot. And submitting your crypto to be attacked by others--a lot. It's the only way to develop the requisite level of humility to design good crypto.
Edit: I should add that even if you are an expert in cryptanalysis, you still shouldn’t just roll your own crypto. It’s the analysis of the entire community, not the credentials of the author, that makes modern cryptography so strong.
More generally, security is like any other field. You have to evaluate arguments based on the logic and evidence given. The main difference is that with crypto, it is much easier to shoot yourself in the foot and have catastrophic failure, since you have to be perfect and the attackers just have to be right once to totally own you. Thus the industry has standardized on a few solutions that have been checked really really well.
More generally, if you are interested, i would say read the actual papers. The papers on bcrypt, argon2 etc explain what problems they are trying to solve, usually by contrasting with previous solutions that have failed in some fashion. That doesn't mean reading the paper will explain everything or make you an expert or qualify you to roll your own crypto. Nor should you believe just because a paper author says something is a good idea that it actually is. It will however explain why slow hash function like bcrypt/argon2/scrypt were created and are better choices than the previous solutions in the domain like md5.
It's true, but you need to realize that you're qualified enough only when you understand that you shouldn't roll out your own crypto.
In my opinion, the only person who has credibly demonstrated being able to roll his own crypto is djb (http://cr.yp.to/)
> but isn’t all security obscuring something,
Keeping a secret isn't "obscuring" something, it's hiding it entirely. Security through obscurity is bad because it relies on attackers being dumb. The smartest person in the world cannot be expected to guess a well chosen and kept secret.
Oh, by all means, roll your own crypto, break it, and roll it again. Just do not use it.
Also, break other people's crypto and study theory.
By the way, the advice is not "unless you are qualified". Nobody is qualified to just roll their own. Good crypto is a community project and can not happen without reviewers.
It's not circular, it's a simple flowchart.
Are you writing an app or are you trying to invent more advanced crypto?
"writing an app" -> dont roll your own crypto
"invent more advanced crypto" -> go learn and research crypto history, math, etc..