GoRuCo 2013 – Krypt Semper Pi. @ YouTube
It’s a nice presentation about the difficulties of doing cryptography correctly, and about a library (Krypt) that aims to make it easier.
Using OpenSSL from Ruby sometimes causes trouble. When it fails, a cryptic error message is displayed. Updating OpenSSL can also require recompiling Ruby, or cause certificate-file (CERT FILE) errors, and so on. It’s tough.
The concept of “Security by Default” is also quite important: it is too difficult for users to apply the library appropriately on their own.
Recently I took an online cryptography course on Coursera. It’s a great course, and the professor repeatedly stresses that “you should avoid doing it yourself”. Inventing your own version of an algorithm is often criticized, but using the standard libraries appropriately is also difficult (as the presentation points out, around 9:00).
Using a password directly as an encryption key instead of a random value (from a cryptographically secure random number generator), or applying inappropriate encryption modes or parameters, can introduce weaknesses. It’s tough.
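To make the last point concrete, here is an added example (my own code, not from the talk or from Krypt) using Ruby’s standard OpenSSL binding: the weak pattern (password bytes reused as the key, ECB mode) beside a safer one (key derived with PBKDF2 and a random salt, random nonce, authenticated AES-256-GCM). The password and plaintext are constructed sample values.

```ruby
require 'openssl'

# Weak pattern: the password itself is used as the key (padded/truncated to
# 16 bytes) and ECB mode is used. Equal plaintext blocks produce equal
# ciphertext blocks, so the structure of the data leaks.
def weak_encrypt(password, plaintext)
  cipher = OpenSSL::Cipher.new('aes-128-ecb')
  cipher.encrypt
  cipher.key = password.ljust(16, "\0")[0, 16]  # low-entropy key
  cipher.update(plaintext) + cipher.final
end

# True if any two 16-byte ciphertext blocks are identical (the ECB leak).
def repeated_blocks?(ciphertext)
  blocks = ciphertext.unpack('a16' * (ciphertext.bytesize / 16))
  blocks.uniq.size < blocks.size
end

# Safer pattern: stretch the password into a key with PBKDF2 over a random
# salt, use a fresh random nonce, and an authenticated mode (GCM).
PBKDF2_ITERATIONS = 100_000  # assumed value; tune for your hardware

def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

def encrypt(password, plaintext)
  salt  = OpenSSL::Random.random_bytes(16)  # CSPRNG, stored with the data
  nonce = OpenSSL::Random.random_bytes(12)  # never reuse with the same key
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = derive_key(password, salt)
  cipher.iv  = nonce
  cipher.auth_data = ''
  ciphertext = cipher.update(plaintext) + cipher.final
  { salt: salt, nonce: nonce, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Returns the plaintext, or nil if the password is wrong or the data was
# modified (GCM tag check fails, so nothing forged is ever returned).
def decrypt(password, blob)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = derive_key(password, blob[:salt])
  cipher.iv  = blob[:nonce]
  cipher.auth_tag  = blob[:tag]
  cipher.auth_data = ''
  cipher.update(blob[:ciphertext]) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end
```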