Skill Wiki
Roll Your Own Crypto
Implementing a cipher, hash, MAC, or 'lightweight encryption scheme' from scratch instead of using a vetted library.…
$ prime install @security/anti-pattern-roll-your-own-cryptoProjection
Always in _index.xml · the agent never has to ask for this.
RollYourOwnCrypto [anti-pattern] v0.1.0
Implementing a cipher, hash, MAC, or 'lightweight encryption scheme' from scratch instead of using a vetted library. Includes XOR-with-a-key 'encryption', rolling your own JWT-style token format, hashing-then-truncating for an integrity tag, or using crypto primitives in modes you didn't see in a paper.
Loaded when retrieval picks the atom as adjacent / supporting.
RollYourOwnCrypto [anti-pattern] v0.1.0
Implementing a cipher, hash, MAC, or 'lightweight encryption scheme' from scratch instead of using a vetted library. Includes XOR-with-a-key 'encryption', rolling your own JWT-style token format, hashing-then-truncating for an integrity tag, or using crypto primitives in modes you didn't see in a paper.
Label
Inventing or reimplementing cryptographic primitives
Why Bad
Cryptography fails silently. A scheme can look fine, encrypt and decrypt correctly, and still be trivially broken — padding oracles, length-extension, nonce reuse, timing leaks, weak randomness, or simply choosing ECB. The history of applied crypto is the history of clever people getting it wrong; you will too.
Instead Do
Use a high-level, audited library that hides the primitives:
• libsodium (crypto_box, crypto_secretbox, crypto_pwhash)
• Google Tink (envelope encryption, deterministic AEAD)
• age / rage (file encryption)
• ASP.NET Core Data Protection, Java Tink, etc.
If you must use a primitive directly, use the constructor your
standard library provides and copy a tested example verbatim. Do
not invent. Do not 'optimise' the example. Do not skip the MAC.
Loaded when retrieval picks the atom as a focal / direct hit.
RollYourOwnCrypto [anti-pattern] v0.1.0
Implementing a cipher, hash, MAC, or 'lightweight encryption scheme' from scratch instead of using a vetted library. Includes XOR-with-a-key 'encryption', rolling your own JWT-style token format, hashing-then-truncating for an integrity tag, or using crypto primitives in modes you didn't see in a paper.
Label
Inventing or reimplementing cryptographic primitives
Why Bad
Cryptography fails silently. A scheme can look fine, encrypt and decrypt correctly, and still be trivially broken — padding oracles, length-extension, nonce reuse, timing leaks, weak randomness, or simply choosing ECB. The history of applied crypto is the history of clever people getting it wrong; you will too.
Instead Do
Use a high-level, audited library that hides the primitives:
• libsodium (crypto_box, crypto_secretbox, crypto_pwhash)
• Google Tink (envelope encryption, deterministic AEAD)
• age / rage (file encryption)
• ASP.NET Core Data Protection, Java Tink, etc.
If you must use a primitive directly, use the constructor your
standard library provides and copy a tested example verbatim. Do
not invent. Do not 'optimise' the example. Do not skip the MAC.
Label
Inventing or reimplementing cryptographic primitives
Why Bad
Cryptography fails silently. A scheme can look fine, encrypt and decrypt correctly, and still be trivially broken — padding oracles, length-extension, nonce reuse, timing leaks, weak randomness, or simply choosing ECB. The history of applied crypto is the history of clever people getting it wrong; you will too.
Instead Do
Use a high-level, audited library that hides the primitives:
• libsodium (crypto_box, crypto_secretbox, crypto_pwhash)
• Google Tink (envelope encryption, deterministic AEAD)
• age / rage (file encryption)
• ASP.NET Core Data Protection, Java Tink, etc.
If you must use a primitive directly, use the constructor your
standard library provides and copy a tested example verbatim. Do
not invent. Do not 'optimise' the example. Do not skip the MAC.
Source
prime-system/examples/security-appsec/primes/compiled/@security/anti-pattern-roll-your-own-crypto/atom.yaml