I'm here at work working on my back end security code and my co-worker is watching the Emoji Movie.

I'm strongly against censorship, but this goddamn piece of cock shit makes me almost reconsider it. Noise canceling headphones are about the only thing keeping me from going that far.

//end rant

Why are you creating a security algorithm though? That's how you get hacked.

@BigBoo I'm using .jar libraries. I guess I should [redacted] my post. ;)

@starrynights89 Are you high?

@BigBoo I hope so. It's been a hell of a week. :P

@BigBoo Why does everyone suggests against making own security algorithms? The ones we use were also made by someone.

@Cyanide https://schneier.com/blog/archives/...

@BigBoo Not an answer to my question.

@Cyanide it's probably more secure having a human generated algorithm, that way it isn't a standard and can take longer for someone to work out patterns ¯\_(ツ)_/¯

@Cyanide It is though.

Would you rather have a security algorithm checked and confirmed to be working by thousands of people or only by you?

Just because you can't find any flaws doesn't mean there are any. Just Google and find all the mathematical issues with RSA to see how if you would be able to get fucked if you don't think about all these edge cases.

And that's for an industry standard security feature. Now try to figure out why creating your own maybe is an issue.

A system should be secured by a white box principle.

I should be able to know, line by line, how the system works. And it should still be secure.

If you think security by obscurity is a good way to go. I have some news for you. And this is generally why people want to create their own systems.

I’ve heard it is a VERY good movie.

From like nobody

@BigBoo In case you were curious I'm using a java library that is configured with BCrypt encryption. I've been spending the day learning how to use it alongside JWT tokens. So I'm not building this from scratch. :P

And I personally would rather use an algorithm developed by a team than to deploy one solo, but it's a very "it depends" scenario IMO.

@starrynights89 So you aren't developing an algorithm on your own :P

Are you minting your own jwt tokens?

@BigBoo The industry standard algorithms were also made by some human, weren't they? Or, is it something else?

I am just curious and lack knowledge in this regard.

@Cyanide It's like designing weight for weightlifting. You make one that you can't lift and assumed that it is impossible to lift up. There is a lot of possibilities, you could be to weak or even the strongest but maybe you approach this in bad way and if you modified your technic it will be easier to lift. Sure you could do it just right, but probability that your assumption is wrong is to high.

@Omnisus What if I am not the only one and I have a team?

@Cyanide It depends if your team is at least as good as team created previous algorithm and you could do enough testing. You need people from outside to try break your system to prove its security, because you design it to block each way you could think of.

@Cyanide Yes. Usually mathematicians. And then there is about 40 years of research about how to crack the systems. Atleast for RSA.

@BigBoo Yes I am. Using a BCrypt program. :)