> And unless you're a cryptographer, you ABSOLUTELY SHOULD NOT roll your own encryption, and even then you're likely to screw things up.
I agree with this, but given this, how do you build a secure protocol that any programmer can implement themselves? Just saying "don't do it" will lead to posts like these that conclude that security might not be worth sacrificing the self-reliance. But this article also does offer some potential solutions, like tunneling the insecure protocol over a secure channel. I think that would be a better solution for this issue than the library you are proposing.
I agree with this, but given this, how do you build a secure protocol that any programmer can implement themselves? Just saying "don't do it" will lead to posts like these that conclude that security might not be worth sacrificing the self-reliance. But this article also does offer some potential solutions, like tunneling the insecure protocol over a secure channel. I think that would be a better solution for this issue than the library you are proposing.