> super skeptical about "second-hand" reimplementations
I'm just curious, how first-hand implementations are different? Obviously they could end up with vulnerable code just as easily and there's a ton of evidence they do.
I guess what I meant was the type of libraries that (often non-crypto-experts) port over to their favorite language. I'm sure that Go is one of the better ones, but there's lots of "random" implementations of ssh/ssl/crypto floating around on sourceforge/codeplex/pear/github/whatever which are unlikely to have been as thoroughly battle-tested as the ubiquitous ones.