This article is quite confusing. cperciva seemingly doesn't understand how "modern crypto", as far as the general developer population understands it, is very much not different from 90s crypto.
Here is a great real-world example from last month. Synergy added "encryption support":
"Stryker, we actually use the Crypto++ library and do not "code the encryption" as you put it. If you are not happy using Crypto++, then please disable encryption and use SSH tunnelling instead. The trend seems to be that most users do not know how or do not want to use SSH tunnelling, and would prefer for this to be built into Synergy itself.
Discussing this further is a waste of time. Patches welcome."
Wow, that comment thread... does not lend itself to confidence in their project's security.
It also illustrates a really key point about crypto: because it looks simple (oh, just run the bytes through that function/hash/send them over SSL), people assume that it is simple they know enough to hack together a decently secure system.
At the very least, a healthy respect of crypto theory is called for. In my experience most developers do not have this healthy respect and see crypto as a magic black box that makes data unreadable.
I find attacks on cryptosystems illustrative for the "oh CRAP" moment. Oh CRAP salted hashes are a terrible idea. Oh CRAP you can pad a hash to make a remote system accept "signed" data. The more I learn and the older I get, the more cautious I am.
Here is a great real-world example from last month. Synergy added "encryption support":
http://synergy-foss.org/spit/issues/details/12/
(scroll to the bottom)
"Stryker, we actually use the Crypto++ library and do not "code the encryption" as you put it. If you are not happy using Crypto++, then please disable encryption and use SSH tunnelling instead. The trend seems to be that most users do not know how or do not want to use SSH tunnelling, and would prefer for this to be built into Synergy itself.
Discussing this further is a waste of time. Patches welcome."