at what point does advising strongly against rolling your own crypto become gatekeeping cryptography knowledge
@SuricrasiaOnline Bot that automatically responds to people saying some variation of that with this image:
@SuricrasiaOnline@cybre.space experimenting with crypto is interesting, the problem is using crappy untested crypto in sensitive contexts
@SuricrasiaOnline I once saw an article that said in a much more fleshed out manner, "'don't roll your own crypto' is basically 'abstinence only crypto' and is as effective as that implies it is"
@SuricrasiaOnline when you give the same answer to "I want to write my own TLS implementation for fun" as you give to "We are allergic to third party software and need to secure half a nation's PII"
@SuricrasiaOnline Depending on the form of the argument, it's better or worse, but I think it's usually "don't use homegrown cryptography for anything important until it's seriously vetted", which I'm largely okay with. https://dadrian.io/blog/posts/roll-your-own-crypto/ and the associated podcast (with transcript) seem mostly reasonable to me.