To clarify: I didn't mean that people shouldn't learn or read about the topic, or try designing their own block or stream ciphers, hashes, KDFs and of course protocols (which are great fun!), not at all. Both my original comment and this one are directed at production use of cryptography.
I couldn't agree more. I think the fact that we have so much crypto foot guns available is a UX issue that we should address. Ideally, Crypto 101 would only be to satisfy one's own curiosity; not mandatory reading for anyone who wants to do something cryptographic. Alas, that's also not the world we live in right now. Realistically, plenty of crypto libraries will offer up e.g. unauthenticated AES-CBC. Then you probably want to know about some of the attacks on that, why you want a MAC, and where that MAC should live; if only to convince your coworkers that the concerns you have are real.
Isn't this the point of [Twitter]NaCl (Bernstein et al)? To provide a library which, when used correctly, makes it harder to make the obvious mistakes?
I think it's great, but it doesn't solve the protocol issue.
