The comments, though. My god, the comments. "Yeah, but how can you trust a cryptography library? This one time, I used a library to parse email addresses, and I wound up having to do it myself. It's like with your car, do you really need the mag-alloy wheels, or shouldn't you just do things right yourself. Like this one time, I took AES and randomized the S-Boxes so even the NSA couldn't decrypt it and" --- sorry, I lapsed into comments from Colin Percival's blog.
Maybe it's just me, perhaps because I didn't understand a damn word in this article[1], but I've never attempted to implement any sort of cryptographic functionality myself. Occasionally I'll MD5 something for the sake of convenience, but it is never meant to secure anything. I don't know why so many programmers actually write their own code. It's silly. There are people way smarter than me in basically every programming domain that exists. I'd rather use their code.
