by tptacek 3569 days ago
People. Come on.

It is OK that you don't know the best curve to use, or that an IV needs to be included in your MAC.

What is not OK is shipping privacy code to users without understanding this stuff. You don't get to learn this stuff on the job. Sorry. I know it's not fair. But to do otherwise would be even less fair to your users.

First be sure of your crypto. Then set up the bug bounty.

You can donate mine, for the MAC bug (which is severe), to Partners In Health.