by skybrian
70 days ago
It's long been conventional wisdom that you shouldn't write your own crypto libraries - leave that to experts. But excellent open source libraries are available, which do get reviewed by experts. And if you're willing to study, maybe you can learn enough about cryptography to become one of the experts? I'm wondering what other security-sensitive software that might become true of in the era of Mythos-or-better AIs? There will still be open source projects that anyone could learn enough to contribute to, but maybe starting from scratch and writing your own becomes less feasible if you aren't attracting enough attention to get attention from people with access to the best AIs? For example, Linux patches are going to get expert reviews, but maybe your homegrown OS won't?
|
The advice that you should not write crypto libraries must be taken very seriously, but you must understand that its meaning is just that this is one of those things that is harder than it seems, so you must not try to do it before being thoroughly prepared for this, because there are no shortcuts, and there are a lot of otherwise good professionals in programming who have made fools of themselves by implementing amateurish cryptographic solutions that demonstrated ignorance about how such things must be done.
It is pretty much impossible for anyone to understand well enough all that you need for correctly writing a crypto library after a few days or weeks of study, but after a few years of studies and exposure to all relevant cryptographic literature, any competent programmer could become able to write a good cryptographic library.
An intensive cryptography course of a few months would have been sufficient, except that I have never seen any single teacher that I could consider good enough to teach everything. Many things that I consider very important I had to gather from multiple sources, after thinking very carefully about which of them were right and which of them were wrong.
Fortunately, today there are many more easily available sources for learning cryptography than a few decades ago. Like in other domains, now what has become difficult is not finding information, but distinguishing the correct and useful information from that which is either false or useless.
Similarly for writing an operating system.
For now, there is no evidence that Mythos has any special skills for discovering cryptography-specific weaknesses, like vulnerability to side-channels. All the bugs shown are the traditional bugs of careless programming, like out-of-bounds accesses or integer overflows.