[bkeroack]

I can't help but think that the OpenSSL situation would not be so bad if more hackers were encouraged to participate in crypto libs. Even if nobody understands it at first, just going through the source will end up creating more crypto authorities in the community who can fix bugs and create new tools. As opposed to the forbidden black art that crypto is today.

[tptacek]

Horseshit. Anyone can learn cryptography, and anyone (just look at the history of the code) can add code to OpenSSL. The problem is that the parent commenter is correct, and that writing serious crypto code takes a serious research commitment. Nobody wants to do that; they just want to get the "crypto" hooked up to the "web chat" as quickly as they can.

It is frankly exhausting hearing the repetitive drone of people who couldn't exploit a CBC padding oracle if their life depended on it complaining about how crypto is a secret cabal.