> unless you're a cryptographer, you ABSOLUTELY SHOULD NOT roll your own encryption

I feel like this should be qualified a bit:
* If you are not a cryptographer, then you absolutely should not roll your own encryption scheme
* If you are not a programmer, then you absolutely should not roll your own encryption implementation
That is: cryptographer(s) should be working closely with programmer(s) to both design and implement an encryption scheme. Anything else is how we get things like Heartbleed.