@jonny @david_chisnall @chris_evelyn I wouldn't claim to be a security guru of any kind. I just know enough crypto APIs to get by, my doing TCP-MD5 in FreeBSD back in 2004 was largely a historical accident, and putting libsodium into that other code base I hack on turned out to be a bit of a "dogshit refactoring". I did work onsite at JPMorgan Chase in 2001 as 3rd line security support, but didn't get the fat paycheque as I was not a JPM employee, just working for who they outsourced to.