Is building an encryption algorithm from scratch a good idea?

Probably not

Nop

Depends what for. It's a good practice and it will give you a lot more insight on how the math works, which is the actual high value it gives you. It's for people who prefer experience over one time reward.

Yes, it's really fun to make but you shouldn't actually use it

Of course it is since it'll give you experience, which is always a really good. Ofc you shouldn't use it over any of the tried and tested ones

Unless you are a cryptographer or cryptographic student then no

Unless you are godlike in math, don't. You'll screw up without even realizing. Rely on existing implementation.

Even if you are a cryptographer, your algorithm may still be insecure upon first try. The crypto community needs to peer review shit thoroughly.

Depends in what you want to do with it.

Use it in production? No, don't do it. Spend 5 seconds on google to get a better answer why you shouldn't then anybody here can give you.

Use it as a project to learn cryptographic techniques and insights? Yes, but be prepared to deep dive into dry theory.

Never reinvent the wheel.

@legacy07 booo! How about Never use anything you don't understand as well as if you invented yourself.

No. Good idea for practice but never use it in production. The tech term is "encraption"

@legacy07 never reinvent the wheel for production*

@Fast-Nop I assumed a cryptographer would know that

@Codex404 A crypto algo without thorough review is like having shat without having wiped one's ass.

@Fast-Nop thats what I said, I expected a cryptographer to know that

You should absolutely make your own encryption algorithm. Then look up how to break encryption algorithms, break it nearly instantly, improve it till you can't break it anymore.

Then post on stackexchange that you are a master cryptographer, and watch them break it in 10 seconds. Then cry in a corner and only use vetted crypto in production.

I'm not being sarcastic. It's a great learning experience and you will learn alot about crypto. The first thing you will learn is it takes teams of people with multiple PhDs to make good enough crypto and sometimes they fuck it up bad anyways! Do it to learn, but definitely not to use.

"Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around." - Bob Schneier

Yes, get the payload, delete it, generate a new payload with the same length, characters and all but completely different, hash it with freshly generated keys and then delete the keys.

Then blame it blame on the user.

Its a bad idea as there are hundreds of things to take care of when developing a secure crypto algorithm. Use a good library and don't implement it yourself unless its for practice/experimenting.

@mt3o @Codex404 I disagree. If you read about current implementations it's not that difficult to impossible if you have the time.

@Jifuna he is talking about from scratch. That means the from scratch and not using existing ideas.

@Codex404 Ah okay, fair enough

@Jifuna actually no, it seems easy. But most crypto vulnerabilities, especially in things like rsa and aes, are not the algorithm, but how it's implemented. Which is why things like openssl are vulnerable, but wolfssl is not to certain CVEs and vice versa for others. Same algothm, different code.
/reply

Since man has had language and conversation, there has been the desire to have private conversations. Crypto and codes may just be one of the oldest ideas in the world. And if you know nothing about crypto, you almost certainly aren't writing sboxes and worrying about how much entropy you have or how long your nonce is. You will almost certainly end up with something closer to a substitution or vignere cipher than RSA or rijndael.

So look up how easy those are to break. Maybe even do it yourself a few times, cryptopals.com is a fun reference.

@deadPix3l If you read my comment on top :P. Like I said it's fun if you want to learn ofcourse it's not safe to use.

Yes. As long as you don't call it secure until its been audited properly and resistant against quite some attacks.

@legacy07 Then how am I supposed to learn anything?