This is an "I have no idea what the hell I'm doing" level of incompetence.Isn't it accepted security knowledge, that about 99% of everybody is at a "should not be doing it myself" level of security/crypto incompetence? I'm not saying that the example isn't particularly bad. It is.
Requiring competence would appear to be the wrong way to do it, here.
