I would suggest that for each of them, a 10+ year career in academic cryptography, in each case accompanied by significant new research results, is what helped them get there. Implementing a library, not so much.
As for your second point: literally everyone can implement cryptography that appears secure to them. It's tautological.
> I would suggest that for each of them, a 10+ year career in academic cryptography, in each case accompanied by significant new research results, is what helped them get there. Implementing a library, not so much.
I believe that what made them exceptional (for most of them) is the combination of theoretical learning and hands-on programming. That's my entire point. I think we can agree to disagree. But that's an opinion I'll probably hold for the next years as this is the direction I want to take as well.
> As for your second point: literally everyone can implement cryptography that appears secure to them. It's tautological.
And the process of putting it out there and looking for ways to make it more secure is how you learn. Proof: he already learned a bunch about Frama-C and other C oddities and documented these via his blogpost. Plus he found a bug in the Argon2 implementation. That's a win.
Why don't you ask them? Most of these people aren't hard to get ahold of. One of them you even share a Slack with. I would be surprised to learn that any of them believed doing a library implementation of pre-existing crypto constructions was an important part of their education, but I like to be surprised.
I indeed learned a lot, and still learn a lot, by doing implementations. Doing a proper implementation forces me to consider all aspects; when the code runs properly, I know that I have, by definition, been exposed to all the parts. You cannot get that kind of exhaustiveness from simply reading an article.
However, doing implementations is not at all the same thing as publishing implementations! The first one or two attempts are always flawed in some way; only the third one can hope to be reasonably good. I took care to properly kill and dispose of the corpses of all my learning code.
The trick (and it's a difficult one) is to decide in advance that the code you write to learn will have to be deleted -- and stick to it. Developers have trouble letting go of their creations, in general. If you can maintain that discipline, then there is no problem in "writing your own crypto". But that is a big "if".
I've found that a good motivation for writing learning-only "throwaway" crypto code is as models for writing attack code; you don't even have to throw the code away, just publish it with the exploit.
But then, I'm a believer that everyone should learn crypto by breaking it, and clearly not everyone agrees with me.
Thanks for the input! This reminds me of what Amelie Nothomb says: "unlike a lot of writers, I have the decency to toss most of what I write". I don't think it's necessarily bad to publish crypto code. Marketing it as secure is another thing. I've marked most of my implementations as "readable" implementations meaning that are only there for educational purposes.
As for your second point: literally everyone can implement cryptography that appears secure to them. It's tautological.