Why You Don’t Roll Your Own Crypto
If you’re going to build an app for encrypted chat, or any program of your own that needs to communicate securely, there is one golden rule.

Don’t roll your own crypto, bro.
In other words, don’t try to write from the ground up the encryption scheme your product uses to lock down files, conversations or anything else, and don’t wildly customise an existing one either. Homemade cryptography is far more likely to contain bugs, and it almost certainly hasn’t been scrutinised by other researchers or tested in the wild the way established schemes have. Worse, unlike most software bugs, a broken cipher doesn’t crash or misbehave in testing: its output looks just as random whether or not it is secure.
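One concrete instance of the kind of bug this rule is about, as an added example that is not from the article or from any named project: a plausible-looking cipher assembled from a hash function, alongside the two textbook breaks an attacker carries out without ever learning the key. The cipher, the key and the messages are all constructed for the demonstration.

```python
"""Added example, not from the article: two classic ways home-rolled crypto breaks.

The 'cipher' below is the kind of thing that gets written from scratch: XOR the
message with a key stream derived by hashing a fixed key and a counter. It looks
random, round-trips correctly, and passes every unit test you would naturally
write. It is still broken in two ways an attacker exploits without the key:

  1. No per-message nonce, so every message reuses the same key stream. One
     known plaintext reveals the key stream and decrypts all the others.
  2. No authentication, so flipping bits in the ciphertext flips the matching
     bits of the plaintext in a predictable way.

All keys and messages here are constructed for the demonstration.
"""
import hashlib


def homemade_keystream(key: bytes, length: int) -> bytes:
    """Key stream = SHA-256(key || counter) blocks. Deterministic in the key
    alone, which is exactly the flaw: no nonce means the same stream every time."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def homemade_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the key stream. Decryption is the same operation."""
    stream = homemade_keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


homemade_decrypt = homemade_encrypt  # XOR is its own inverse


def recover_other_message(known_plaintext: bytes, known_ciphertext: bytes,
                          target_ciphertext: bytes) -> bytes:
    """Attack 1 (key stream reuse). The attacker knows one plaintext/ciphertext
    pair (a greeting, a protocol header, a guessed message) and never learns the
    key. known_plaintext XOR known_ciphertext is the key stream; XOR it into any
    other ciphertext under the same key to read as many bytes as the pair covers."""
    stream = bytes(p ^ c for p, c in zip(known_plaintext, known_ciphertext))
    return bytes(c ^ k for c, k in zip(target_ciphertext, stream))


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attack 2 (malleability). Without a MAC, XORing (old XOR new) into the
    ciphertext at `offset` makes it decrypt to `new` where it used to say `old`.
    The attacker needs to know or guess the original bytes, not the key."""
    assert len(old) == len(new)
    patched = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n
    return bytes(patched)


def demo() -> dict:
    """Run both attacks against constructed traffic and return the results."""
    key = b"constructed-demo-key-not-a-secret"  # the attacks never touch this
    m1 = b"meet at the old bridge at noon"      # attacker knows or guesses this
    m2 = b"transfer 100 credits to bob"         # attacker wants to read/alter this
    c1 = homemade_encrypt(key, m1)
    c2 = homemade_encrypt(key, m2)

    recovered = recover_other_message(m1, c1, c2)
    forged = tamper(c2, offset=9, old=b"100", new=b"900")  # "transfer " is 9 bytes
    return {
        "round_trip_ok": homemade_decrypt(key, c1) == m1,
        "recovered_m2": recovered,
        "forged_plaintext": homemade_decrypt(key, forged),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Run it and the round trip succeeds, which is the trap: nothing in ordinary testing distinguishes this from real encryption, yet the second message is read in full and the amount is silently changed to 900. Python's standard library ships no symmetric cipher at all, and the temptation to assemble one from hashlib is exactly the point where a vetted library offering an authenticated mode (AES-GCM or ChaCha20-Poly1305 from a maintained package) belongs instead.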

“Asking why you should not roll your own crypto is a bit like asking why you should not design your own aircraft engine,” Runa Sandvik, a privacy and security researcher, told Motherboard in a Twitter message.

“The answer, in both cases, is that well-studied and secure options exist. Crypto is hard and I would rather rely on encryption schemes that have been studied and debated than schemes that are either secret or have yet to receive much, if any, attention.”

Those established encryption solutions include Off-the-Record (OTR) messaging, perhaps most popularly used in chat clients such as Adium, where it is built in, and Pidgin, where it is installed as a plug-in.