[__jal]

I agree that everyone should learn more about crypto. It helps people understand what is actually going on, and what they can count on and not count on.

Engineers working around crypto that will be responsible for anything important, even doing seemingly simple things like feeding the entry point a password, need to either have their code audited by someone with experience here, or be a person who could audit it. This is because there are so very many ways that seemingly inconsequential things (function timing, hardware behavior in the face of voltage manipulation, nonzero-ed memory in deallocated buffers... and these are the more obvious things) that can lead to a break.

And that's really only a starting point... this stuff is hard. I won't try to write it other than for my own amusement.