Cees De Groot wrote:
> Personally, but I'm known to hold extreme opinions on some matters, I think that no-one should be allowed to implement any crypto code unless after reading Schneier's Applied Cryptography. Preferably not more than a day in advance :-)
I'm going to sound like a curmudgeon when I say this, but I have a real dread of cryptography implemented by those who have read Applied Cryptography, which provides just enough information to be dangerous, and has in practice resulted in many cryptosystems which are buzzword compliant ("256-bit AES!") and dangerously broken.
What is being attempted here is not merely implementation, but protocol design, and cryptographic protocol design is an extremely advanced and difficult science which should not be attempted by those who do not understand in detail the proofs that underlie constructions such as OCB mode or PSS. Even those who do are prone to making dangerous mistakes; review by other experienced people is essential. At a minimum, the cryptography in use should be documented in detail; it should not be necessary to refer to the source code to discover things like that ECB mode was used to encrypt the messages.
If at all possible, find an existing, well-respected standard and use that.
See http://diswww.mit.edu/bloom-picayune/crypto/14238 for some more curmudgeonly sentiment from Peter Gutmann on a related subject.
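The ECB remark above is the kind of design flaw that only shows up by reading the source, so here is an added illustration (not from the original thread or its author) in Go, using the standard library's crypto/aes, crypto/cipher and crypto/rand: a hand-rolled ECB loop beside AES-GCM, with a check that spots ECB's repeated ciphertext blocks in a capture. The key and the repeated "PATIENT-ID" record are constructed sample values for the demo only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Constructed demo inputs: a 128-bit key and one record repeated four times.
var demoKey = []byte("constructed-16B!")
var demoBlock, _ = aes.NewCipher(demoKey) // 16-byte key, so no error possible
var demoMsg = bytes.Repeat([]byte("PATIENT-ID:00042"), 4)

// encryptECB runs the raw cipher on each block independently. Go ships no
// ECB mode on purpose; this loop is what a hand-rolled one amounts to.
func encryptECB(block cipher.Block, plaintext []byte) []byte {
	bs, out := block.BlockSize(), make([]byte, len(plaintext))
	for i := 0; i+bs <= len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// encryptGCM: AES-GCM (an AEAD) with a fresh random nonce prepended.
func encryptGCM(block cipher.Block, plaintext []byte) ([]byte, error) {
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// repeatedBlocks counts 16-byte blocks seen earlier in the same ciphertext;
// anything above zero is the fingerprint of ECB in a traffic capture.
func repeatedBlocks(ct []byte) int {
	seen, dups := map[[16]byte]bool{}, 0
	for i := 0; i+16 <= len(ct); i += 16 {
		var b [16]byte
		copy(b[:], ct[i:i+16])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}
```

Run repeatedBlocks over the two outputs: the ECB ciphertext reports three repeats, exactly mirroring the plaintext, while the GCM output reports none and changes on every call.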