Everyone says this, because Applied Cryptography (not a good book) says it. But no, the problem of coming up with a good 128 bit or 256 bit key is not the hardest part of getting a cryptosystem working. Plenty of static-keyed systems, in which keys are more or less guaranteed to come from /dev/random, end up totally busted.
You seem to be thinking that when I say "implement", I mean, "building an AES core library from scratch". No. I mean properly using a well tested, totally sound AES library in a way that doesn't leave your application totally boned.
I've seen a lot of broken key management. People using MD5(passphrase) (cough OpenSSH cough) as a key, people downloading public keys over insecure networks and not verifying them at all, people distributing secret keys along with software destined to be run on hostile systems...
I'm happy to say that systems which try to generate random passwords do tend to generate securely random passwords, though. /dev/random has been a huge help there.
Come on, "coming up with a good 128 bit or 256 bit key" is only a very small part of key management (and, as you note, probably also the easiest part of key management).
What I did was come up with the simplest, most reliable key management system there is (static keying with secure keys), and presumed it to be safe.
Then I pointed out that such an application is still likely to be boned by implementation flaws that have nothing to do with how the keys are established.
> You seem to be thinking that when I say "implement", I mean, "building an AES core library from scratch". No. I mean properly using a well tested, totally sound AES library in a way that doesn't leave your application totally boned.
Can you please fix the images on your blog post about that :)
You seem to be thinking that when I say "implement", I mean, "building an AES core library from scratch". No. I mean properly using a well tested, totally sound AES library in a way that doesn't leave your application totally boned.