I want to see you design a system so complex it cannot be understood.
Some people think cryptography is this utterly complex thing sitting on the edge of understanding. It isn't.
Evidence of rolling your own crypto, authentication or key-exchange mechanism is the first thing an attacker you'd want to worry about will look for.
Developers design systems that are easy to break because of ignorance and hubris. That's not to say you can't learn how to implement a secure system, just that if you did any research, you'd know that Rolling Your Own Is Bad because proper design is Hard and people, with much more experience than you, are aware of choke points in your design that you aren't aware of.
Complexity = time to brute force a crypto algo. I am using the word in the formal, traditional sense, where a brute force solution (and heuristics of intelligent solving) literally is measured in terms of computational complexity metrics (big o) or probability.
Try designing a system that can't be exploited and must rely on its algorithm's correctness such that only a brute force solution exists.
Few algorithms are correct such that their computational complexity alone is what provides their security. Without a formal proof, an audit and some testimony of experts I will not believe your hand-rolled algorithm is correct.
This is why you rely on proven algorithms and implementations and never roll your own. But you should not believe that using a correct algorithm alone should be enough to deem a system secure.
Its implementation might be exploitable in a way that sidesteps the security provided by your algorithm.
The idea that it might take an attacker five billion years to brute force your cipher text for a solution is nice, but if you're exchanging keys in an insecure way then that security goes right out the window.
Storing your salt on the same DB? Your search time for a solution is cut down since you can grab that as well.
This is why emphasis is placed on tearing apart a system that claims it is secure. Most of the time it isn't, and usually in ways that are easily identifiable.
Having good faith in the developer isn't an ideal when the well-being of many people might be at stake because of claims that cannot be backed up.
Some people think cryptography is this utterly complex thing sitting on the edge of understanding. It isn't.
Evidence of rolling your own crypto, authentication or key-exchange mechanism is the first thing an attacker you'd want to worry about will look for.
Developers design systems that are easy to break because of ignorance and hubris. That's not to say you can't learn how to implement a secure system, just that if you did any research, you'd know that Rolling Your Own Is Bad because proper design is Hard and people, with much more experience than you, are aware of choke points in your design that you aren't aware of.