Re-inventing the wheel: is it good or bad? Here I am going to list things as I understand them.
Why it's a bad idea:
- It takes a lot of time to design and implement a new thing.
- No independent security analysis.
- Testing: you won't hit many edge cases during your own tests.
- Lack of resources.
This is why many companies use already developed and tested libraries in their products. When it comes to security, if you plan to develop your own security scheme, the probability that you fail is much higher than the probability of a hacker breaching a well-known security library.
Especially when it comes to cryptography and encryption, using your own product not only risks failure, it also causes many compatibility issues with existing systems, as other systems may be designed to use already known algorithms or libraries.
One of the best examples comes from aircraft manufacturers. Airbus and Boeing are the main aircraft manufacturers, but neither of them produces its own jet engines. Jet engines come from Rolls-Royce Trent or General Electric. They could start manufacturing their own engines and it would give more profit. But they don't. Why?
- Rolls-Royce and General Electric have years of experience designing and manufacturing jet engines, along with the technology and human resources.
- A new jet engine would have to go through years of design and testing, and the probability that it fails is higher compared to using a specialist-built engine.
- Customers would also question the new engine's safety and reliability.
I hope you understand why re-inventing the wheel is a bad idea. But when we want to use these wheels, we must configure them to work well with our application. This is one main mistake many people make. They say: this library worked well with that application for years, so it should work with this one without any problem. But when we use it, it doesn't give the expected performance. It could actually lead to failure of the whole application. This is like fitting an A-380 engine to an A-320, or a 737 engine to a 747.
There is another downside to an already invented wheel: attackers will often try to break it because it is widely used. So one simple bug in a common library can easily turn your entire project into a vulnerable application.
Why re-inventing the wheel is a good idea
If you want to learn something really well, and you have enough time to invest, then yes, it's a really good idea.
This is my personal experience: I was involved in a web application developed using Laravel-5.2. In that, Laravel managed all the cookies and sessions; we just had to call the auth package for authentication and authorization work. During that time I didn't understand much about how it handles these things behind the scenes.
Recently I started working on my own hobby project using golang. When I started it, my initial thought was to use only official golang packages for all the work. That brought me to this point: user authentication and authorization. During its development, I had to design and test many of my own features and manage all those components.
But the probability of the whole system failing is higher, even because of one small thing I have missed. That's the main disadvantage of this. But the learning curve gives you a lot of knowledge.
If your audience is small, implementing your own security features will be a good idea, but it is still not advised by industry and academics. Here I have listed things as I have understood them, especially during these pandemic times. If you see a mistake I have made, please correct it.
Thanks for reading…
Stay home and stay safe!