Stop using this and start using Sodium, which is more secure than your wrapper library in significant ways that illustrate why people shouldn't think of this stuff as "jargon" that they can just write wrappers for; for instance:
* It generates encryption keys insecurely instead of using a cryptographically secure KDF
* It leaks timing information on the MAC comparison
* It makes verification of messages optional; verification should never be optional (in your case, when verification is disabled, I think you have the CBC padding oracle vulnerability)
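An added Python example, not the wrapper library under discussion, showing the three fixes the comment above asks for: key material from PBKDF2 rather than an ad-hoc derivation, encrypt-then-MAC with `hmac.compare_digest` for the tag check, and verification the caller cannot switch off. The cipher step is an HMAC-SHA256 counter-mode keystream, an assumption used only so the block runs on the standard library; it stands in for the AES call a PyCrypto or Sodium wrapper would make.

```python
import hashlib
import hmac
import os

# Layout of a sealed blob: salt(16) | nonce(16) | ciphertext | tag(32)
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_keys(password: bytes, salt: bytes):
    """Derive separate encryption and MAC keys with a real KDF (PBKDF2-HMAC-SHA256)."""
    km = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode); a real wrapper uses AES here."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(password: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers everything the receiver will parse."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def open_sealed(password: bytes, blob: bytes) -> bytes:
    """Verify first, always; decrypt only after the tag matches in constant time."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    # `expected == tag` would leak timing; compare_digest does not, and there is
    # no flag to skip this step, so padding/format errors are never observable.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```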
Thanks for your comments and recommendation. Your points (and my own failings here) illustrate why libraries like Sodium (which was not on my radar a few weeks ago) are a good thing.
As an ordinary developer, I just want to use a library like PyCrypto in a safe manner. When I described the language as "jargon" I did not mean to be dismissive of it, but rather to say that libraries like PyCrypto force you to make decisions about terms that are nothing more than jargon to a non-expert -- when really what a non-expert needs is an extremely simple API which makes those decisions on your behalf in a safe manner.
Thanks again and these are humbling lessons to learn.
You seem smart and like someone who enjoys this stuff, so if you want a much more fun lesson (or, uh, 40+ of them), drop a line to sean AT matasano DOT com and he'll send you a bunch of exercises that'll teach you how to exploit this stuff.
Open invite! Send mail to sean, he'll get you started. We're not publishing them and we'll ask you not to circulate them, but instead to let anyone you know who wants to see them to just mail sean.
Alright, email sent. Would love to work through them with the rest of the team at work though, think it would be good for all of us to have a good understanding of how to break crypto systems.