There's a big difference between writing your own code just to learn how AES works and writing code and then saying "we will protect your privacy using this code". The reason experts discourage people from writing crypto code is because it's Hard; even the experts get it wrong. Even if you ignore all the weaknesses you can create by using bad keys, there are still simple mistakes that will ruin your system. For RSA you need to make sure your key generation isn't subject to Pollard's p-1, Pollard's rho, Williams' p+1, Fermat factorization, Wiener's attack, and others. And then once you do that, if you pad incorrectly the whole thing gets blown up anyway.
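Two of the key-generation checks named in the comment above, as an added example (not code from the thread or from the service being discussed): Fermat factorization against a modulus whose primes are too close, and Wiener's attack against a private exponent that is too small. The primes (1000000007, 1000000009, 2147483647, 4294967291), the exponent d = 7919 and the test message are constructed values chosen to be weak; real keys would be far larger.

```python
# Added example, not code from the thread: two of the key-generation
# weaknesses listed above, run against small RSA moduli constructed inline
# (constructed test values, not real keys).
#   - Fermat factorization splits N = p*q when p and q are too close.
#   - Wiener's attack recovers a private exponent d that is too small
#     (d < N**0.25 / 3) from the convergents of e/N.
from math import isqrt


def fermat_factor(n, max_steps=100_000):
    """Search for a with a*a - n a perfect square, starting at ceil(sqrt(n)).

    Each step raises a by one, so the search is cheap only when |p - q| is
    small; for well-separated primes it exhausts the budget and returns None.
    """
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            p, q = a - b, a + b
            if 1 < p < n:          # skip the trivial split 1 * n
                return p, q
        a += 1
    return None


def continued_fraction(num, den):
    """Partial quotients [a0; a1, a2, ...] of num/den."""
    cf = []
    while den:
        q, r = divmod(num, den)
        cf.append(q)
        num, den = den, r
    return cf


def convergents(cf):
    """Yield the convergents h/k of a continued fraction, in order."""
    h_prev, h = 0, 1          # h_{-2}, h_{-1}
    k_prev, k = 1, 0          # k_{-2}, k_{-1}
    for a in cf:
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k


def wiener_attack(e, n):
    """Recover a small private exponent d from the public key (e, n).

    Wiener: if d < n**0.25 / 3 (and the primes are of similar size), then
    k/d with e*d = 1 + k*phi appears among the convergents of e/n. Each
    candidate is verified by rebuilding phi, then p + q, and checking that
    (p - q)^2 comes out a perfect square.
    """
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k != 0:
            continue
        phi = (e * d - 1) // k
        s = n - phi + 1                 # p + q
        disc = s * s - 4 * n            # (p - q)^2 if phi is genuine
        if disc >= 0 and isqrt(disc) ** 2 == disc:
            return d
    return None


def demo():
    """Run both attacks on constructed weak keys; returns the recovered values."""
    # Constructed: primes differing by 2, so Fermat finds them in one step.
    p1, q1 = 1000000007, 1000000009
    close_primes = fermat_factor(p1 * q1)

    # Constructed: well-separated primes; Fermat gives up within the budget.
    p2, q2 = 2147483647, 4294967291
    separated = fermat_factor(p2 * q2, max_steps=10_000)

    # Constructed: deliberately tiny d (7919 < (p2*q2)**0.25 / 3) with e
    # derived from it, which is exactly the shape Wiener's attack exploits.
    n = p2 * q2
    phi = (p2 - 1) * (q2 - 1)
    d_small = 7919
    e = pow(d_small, -1, phi)
    recovered_d = wiener_attack(e, n)

    # Sanity check: the recovered d really inverts e on a test message.
    m = 123456789
    roundtrip = pow(pow(m, e, n), recovered_d, n) == m
    return close_primes, separated, recovered_d, roundtrip


if __name__ == "__main__":
    print(demo())
```

The same two checks are the kind of thing a key-generation routine should run against its own output before a key is ever used: reject a modulus that Fermat splits within a modest step budget, and never derive e from a chosen small d.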
This isn't someone's little toy app, this is a professionally done, "we will protect your privacy" service with the government already breathing down their neck. The sloppiness they are showing in their crypto (or at least in their presentation of the crypto) is just unacceptable.
You can write crypto code and not rewrite all the primitives. I certainly think that any good software engineer could write his own implementation of operations on GF(2^n), but a good software engineer will also prefer to pick the right primitives, use the right libraries and write the right crypto glue code. It's not all or nothing. You can be a professional software engineer and write crypto code.
Please do not ship crypto software or, especially, crypto protocols (e.g. Alice does this, then Bob does that) that haven't been publicly audited. It's an unnecessary liability to your company, your customers, and the public when there are alternative solutions that do not have the flaws that a) you think that you don't have but do, or b) don't know that you have.
This is really not an area for hotshot lone developers to contribute to; the stakes are just too high.
People hear "don't roll your own crypto", and think that it means "don't invent your own encryption algorithm". Really it should be rephrased: "don't ever touch crypto directly".
I understand, I Must Not Write Crypto Code™. However I choose to write whatever I want anyway; crypto experts must not be the only ones writing crypto flaws, so can I.
I don't care what you write, but if you go into it thinking that the dangerous stuff is in the primitives like the AES core, and if you just stick to the glue you'll be safe, you're gonna have a bad time.
If the crypto implementation is this poorly thought-out, you can only imagine how shaky the rest of the backend code is.
It would not surprise me if the service is shut down again somehow. I would guess they would lean on the banks or CC companies that process his CCs first.