It does not look so complicated.
This is the big problem with cryptography: it looks pretty simple.
After reading a book or two, people often feel tempted to start their own design, invariably leading to flawed results. Assembling cryptographic primitives into a complete application is a much more complex task than it may appear: the slightest mistake may introduce weaknesses that will make the full system useless.
Remember that pirates do not obey rules, so they rarely target the main defence line. Even specialists are sometimes surprised by the cleverness attackers devote to adopting an unexpected attitude when dialoguing with security applications, and an incredibly high amount of security flaws can simply be resumed by "well, we did not expect someone would do that".
The problem is that bad cryptography looks just the same as good cryptography. A common cryptographer's maxim says that everybody is capable of building a system that himself cannot break. Even if your system is badly flawed, you will not notice it until (at best) somebody really breaks into the system or (at worst) the amount of frauds he has induced becomes really noticeable.
Secure Hash Standard (SHS)
SHA-1 Broken: Collision Attack Found, Implications for Cryptography
NIST is issuing a tentative agenda for the development of a SHA successor
Does the proof of the Riemann hypothesis really bring the whole of ecommerce to its knees?
The Cost of Insecurity: Understanding the “Non-Loss” Benefit of Cryptography
The Cost of “Just Enough” Security: Why Good Cryptography isn’t More Expensive
Cryptographer Consulting: Security Transparency vs. Relying on Ourselves
Why do people believe they should handle cryptography themselves?
The Illusion of Simplicity: Why Designing Your Own Cryptography Fails
Why Do I Need a Cryptographer?
Founding Members
Academic and Historical References
What Is Our Methodology?
Security Courses, Cryptography Consulting, System Evaluation & TTP Services
Bridging The Gap Between Scientific Research And Industry Needs