loup-vaillant | 6 hours ago
This quote sure was a huge red flag to me. "My dad's a genius" because you're not supposed to rely on genius to make a good crypto system, and also because it makes Eap sound like he has absolutely zero knowledge on the subject. "Highest level of encryption available" because there's a fairly low floor above which it's all uncrackable anyway (ChaCha20 + BLAKE2b authenticated encryption, and Curve448 + post-quantum winners for the public stuff, should go beyond total overkill). I don't believe it was intentional though.

I'm just out of a quick job implementing SSCPv2 (encryption over RS485 to secure communication between card readers and a central computer, typically used to secure buildings). Good specs, fairly good separation between cryptography and business logic, and as far as I could tell the crypto isn't broken… but it is quite old school: AES CBC + HMAC SHA256, using MAC-then-encrypt. https://moxie.org/2011/12/13/the-cryptographic-doom-principl... And while I think my implementation is okay, I did have to pay special attention to specific traps arising from this design, and to be honest I wouldn't bet my life on having ironed out all possible timing attacks.

SSCPv2 was almost certainly designed after 2020, but it took its books from 2005. Good books for their time, but a bit dated unfortunately. I'm pretty sure no actual cryptographer was involved. If there were, they would almost certainly have used a standard authenticated encryption scheme like AES GCM or ChaPoly (RFC 8439), they would have authenticated the unencrypted header, and provided an even better separation between crypto and business logic.
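As an added illustration, not the commenter's code and not SSCPv2's actual frame format, here is the encrypt-then-MAC shape the comment contrasts with MAC-then-encrypt: AES-CBC + HMAC-SHA256 with the cleartext header authenticated, the tag compared in constant time before anything is decrypted, and one undifferentiated failure signal. The frame layout `iv || ct || tag`, the length-prefixed header and the separate MAC key are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)
// tag = HMAC-SHA256(len(header) || header || iv || ct): header and IV are authenticated with the ciphertext.
func tag(macKey, header, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	binary.Write(m, binary.BigEndian, uint32(len(header))) // length prefix: unambiguous field boundaries
	m.Write(header)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// Seal returns iv || AES-CBC ciphertext || tag; macKey must be independent of the AES key (assumed layout).
func Seal(block cipher.Block, macKey, header, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7, always 1..16 bytes
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(append(append([]byte{}, iv...), ct...), tag(macKey, header, iv, ct)...), nil
}

// Open checks the tag in constant time before decrypting, so padding is never inspected on unauthenticated data.
func Open(block cipher.Block, macKey, header, msg []byte) ([]byte, bool) {
	if len(msg) < 2*aes.BlockSize+sha256.Size || (len(msg)-sha256.Size)%aes.BlockSize != 0 {
		return nil, false // same bare answer for every failure: length, tag or padding
	}
	iv, ct, t := msg[:aes.BlockSize], msg[aes.BlockSize:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	if !hmac.Equal(t, tag(macKey, header, iv, ct)) {
		return nil, false
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize { // cannot fail for an honest sender
		return pt[:len(pt)-pad], true
	}
	return nil, false
}
```

Because the tag covers the header, flipping a header byte fails exactly like flipping a ciphertext byte, and the CBC padding is only ever examined after the MAC has proved the frame came from a key holder.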