I think the OP makes some good points, but I dislike when people are put off of working on their own crypto. Can crypto be difficult to implement? Certainly. Is it impossible? No. The OP makes it sound like properly implementing and authenticating a block cipher is way too difficult for the average programmer, when it is really rather trivial.
For those who can't read sarcasm over the internet, he's kidding. Go ahead, implement ECB mode, what could go wrong, LOL. I've also got a really nice "special" RNG for you too, although its really slow it is NSA approved.
If you only need security theater just stick to ROT-13.
As a tiny little sub area of computational activity, writing crypto is total sorcerers apprentice territory.
The problem is not that the specific tasks are too heady for most programmers, per se, but that it is easy to introduce a weakness into the system and almost impossible for most programmers to know when they have done so. Implementing an algorithm correctly is one thing; ensuring that your whole system does nothing to undermine the security you hope to get from that algorithm (even through side channels) is a lot iffier.
Remember, people with years of training and experience in the field have had their work defeated time and again. Do you really feel certain Joe Coder will make fewer mistakes than they did?
