On 2013-11-03 11:07, FRIGN wrote:
> I could imagine a fork/rewrite based on OpenSSL's crypto-code, called
> "s3l" ("suckless ssl"), but see the implicated problems with it. You
> can't just rewrite software without having at least one real
> specialist to check the code. Looking at OpenSSL, it has undergone
> dozens of thorough checks by leading specialists in this area. This,
> however, doesn't change the fact it sucks.
Everything sucks to some degree. The costs of trying to un-suck OpenSSL
at this point may be worse than just allowing it to suck, without expert
assistance (and even then, beware).
For some stuff though, good alternatives exist. If I recall correctly,
libtomcrypt[0] has been audited (although how rigurously, I don't know.
It should be easier than OpenSSL at least). I haven't looked into
libtomcrypt much so I can't vouch for it, but I've heard good things.
0:
http://libtom.org/?page=features&newsitems=5&whatfile=crypt
- application/pgp-signature attachment: stored
Received on Sun Nov 03 2013 - 13:12:33 CET