One of my friends was talking to me:
Hey you see that guy? He is a very good programmer and he knows a lot of stuff.
I asked him whether he knew anything about this encryption algorithm. He told me that he knows a lot about encryption algorithms. In fact he writes his own encryption algorithms. He told me that it is always better to write your own algorithms.
Now I know how knowledgeable he is.
I have small request to make to all of the self proclaimed cryptographic experts out there:
Cryptography is hard. It is hard because there are always smarter people out there who can break your home-made super-duper encryption algorithm. If you are so confident in your abilities, use your own encryption algorithms in your own applications. Please don’t give it to the public. If are sharing your application with us, specify that you are using your own encryption algorithm so that we’ll understand how awesome you are and how awesome your products will be (and probably avoid using your awful application).
I know what you will be thinking right now:
But, nobody ever cracked my encryption algorithm!
That is because nobody cares. People have their own work to do rather than trying to crack your pet algorithm. If you really want to test the strength of your algorithm, try announcing a million dollar prize for the guy who breaks it.
And please don’t spread messages like “it is always better to write our own algorithms” among us mortals. May be you can do good security on your own; we can’t.