Quiz Entry - updated: 2026.07.14
Why should you use established security libraries rather than implementing your own?
"Don't roll your own crypto" — proven libraries are battle-tested, peer-reviewed, and maintained; your custom security code is none of those.
Why use proven libraries:
- Cryptography is hard — Subtle flaws (timing side-channels, padding oracles, weak RNG) break security completely
- Battle-tested — Libraries like OpenSSL, bcrypt, OWASP ESAPI have been reviewed by thousands and attacked by real adversaries
- Maintained and patched — Maintainers release fixes; your custom code depends on you noticing issues
- Known security properties — AES, SHA-256 have mathematical proofs and years of analysis
What to use:
| Need | Use | Don't Use |
|---|---|---|
| Password hashing | bcrypt, Argon2 | MD5, custom hash |
| Encryption | AES-GCM via standard libs | XOR, custom cipher |
| Authentication | OAuth2, OIDC | Custom token schemes |