
And also, it's one of those things that's hard to learn on your own. On the other hand, do they cover defense against practical attacks in uni? As in, will you be told to roll your own crypto, and have the professor show you the timing attacks, etc.? Because honestly, the theory you can pick up on your own, in industry you just use a library, and I don't know how nice OpenSSL devs will be if you just show up as a crypto noob on their doorstep asking for mentoring.



Danish university student here. In the course I'm currently taking, they've made a point of stressing the importance of not rolling your own crypto, along with using salts, and have had assignments where the point was to crack weak encryption like MD5, and do dictionary attacks on stronger crypto. Timing attacks were covered as well.


>they've made a point of stressing the importance of not rolling your own crypto,

I think there should be a class on how to roll your own crypto, because someone's got to do it, and, as we saw with Heartbleed, you don't want something like crypto to be something only a handful of people in the world understand.


That belongs to the realm of graduate courses where theory and rigor are more emphasized.


In the Intro Security class I took at UMich, we did a month or so all on crypto and the relevant attacks against it.

Never implemented any algorithms but every assignment involved breaking bad implementations of crypto or various applications which was extremely interesting.

Pretty much every lecture slide had a disclaimer "never implement * yourself, Use respected crypto libraries!!!".



