When it comes to evaluating and choosing algorithms, people have several alternatives:
— They can choose a published algorithm, based on the belief that a published algorithm has been scrutinized by many cryptographers; if no one has broken the algorithm yet, then it must be pretty good.
— They can trust a manufacturer, based on the belief that a well-known manufacturer has a reputation to uphold and is unlikely to risk that reputation by selling equipment or programs with inferior algorithms.
— They can trust a private consultant, based on the belief that an impartial consultant is best equipped to make a reliable evaluation of different algorithms.
— They can trust the government, based on the belief that the government is trustworthy and wouldn’t steer its citizens wrong.
— They can write their own algorithms, based on the belief that their cryptographic ability is second-to-none and that they should trust nobody but themselves.
Any of these alternatives is problematic, but the first seems to be the most sensible. Putting your trust in a single manufacturer, consultant, or government is asking for trouble. Most people who call themselves security consultants (even those from big-name firms) usually don’t know anything about encryption. Most security product manufacturers are no better. The NSA has some of the world’s best cryptographers working for it, but they’re not telling all they know. They have their own interests to further which are not congruent with those of their citizens. And even if you’re a genius, writing your own algorithm and then using it without any peer review is just plain foolish.
Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996.