The summary here is very
simple for random numbers. Random number
generation is tricky. It is not easy. It's easy to come up
with an algorithm that looks very good, seems to scramble things and
generate these good numbers, but more often than not
they're weaker than you think. Random numbers from physically random sources seem
to be the best, and in particular don't use
statistical random numbers or statistical pseudorandom
number generators for cryptographic purposes. Use cryptographically
strong ones. The reason is the others
don't have the element of unpredictability that
cryptography requires. In terms of cryptography just like generating random numbers, cryptography is tricky.
It is not easy. But here you need to know what
your goals are so you know that you're using cryptography
in the way you should be. Design your use of cryptography
to meet those goals, and I emphasize use. Don't build your own cryptosystem unless you have
a very good reason to. Simply saying, well,
I didn't write this library so I'm going
to do my own version of it, is not a good reason. Open source and commercial ones
generally work very well. If you write your own
cryptography though, it's very easy to
make a little mistake that will make the cryptography weak and that people
can break it. So, the general rule of cryptography is to
avoid writing your own, and know how you're going to
use it, for what purpose, and how your implementation that uses the libraries will
further that purpose.