Imagine a management meeting at company XYZ. At some point, somebody raises the issue of transporting goods between the newly acquired factory and the distribution points. Then one of the directors proposes: "We definitely need trucks for transportation. We should appoint some of our engineers to study how trucks are designed and build some for us." Does that sound serious?
Of course not! In the very best case, this team will be able to produce some costly, dangerous vehicles that will need ten times too much fuel and get stuck every fifty miles - let alone the problem of obtaining legal authorization for those vehicles to use the roads. Nobody disputes that vehicle manufacturing is a job for vehicle designers.
Yet, it is often the very same attitude that gets adopted when it comes to cryptographic issues. Companies expect their computer scientists to read a few books on security, search the web, and design and implement the security architecture for their new product.
Why do people believe they should handle cryptography themselves?
- It does not look so complicated.
- But our security design is a company secret, shouldn't this provide high security?
- Security is critical: we want to rely only on ourselves.
- You know, we do not need that much security: just enough to keep most occasional hackers out.
- There is no benefit in security.