Re: repeat after me
Implementing an encryption algorithm is straightforward enough, assuming the algorithm is sound. The problem is always in the exchange and storage of keys. So I trust myself to write the encryption -- there's usually test cases to verify the code's correct with the standard -- but key exchanges are a completely different matter. Just implementing a cryptographically secure random number generator is a work of art.
I'd also be very wary of any persistent code in the system that performs encryption services. This probably OK for day to day work but for anything realistic you need something with zero persistence -- its used, it goes away and erases all traces. Running anything on a general purpose machine is asking for trouble -- you think you know and control what's running on that system, now prove it.
Biting the hand that feeds IT
