What you know about encryption could apperently fit in a thimble. Even the most garden-variety SSH packet flow is secure against anyone with "resources" short of the NSA's.
Any commercial venture that fails to use strong encryption gets what it deserves.
Laws that criminalize cracking lame encryption criminalize behavior that can only be detected by intrusive means. That's the downside: Are you ready to make your PC an open book to be inspected by anyone with a claim that their encrypted content might have been cracked on your PC?
I think that selling thousands of devices capable of breaking "lame" encryption is hardly exempt from being called criminal behavior.
Now if someone in the privacy of their home breaks DSS codes and doesn't sell or distribute anything, I'd hardly think that worthy of criminal prosecution, even though I'd call the person a thief.