Re: [dev] Suckless remote shell?

From: Chris Down <>
Date: Sun, 3 Nov 2013 20:12:33 +0800

On 2013-11-03 11:07, FRIGN wrote:
> I could imagine a fork/rewrite based on OpenSSL's crypto-code, called
> "s3l" ("suckless ssl"), but see the implicated problems with it. You
> can't just rewrite software without having at least one real
> specialist to check the code. Looking at OpenSSL, it has undergone
> dozens of thorough checks by leading specialists in this area. This,
> however, doesn't change the fact it sucks.

Everything sucks to some degree. The costs of trying to un-suck OpenSSL
at this point may be worse than just allowing it to suck, without expert
assistance (and even then, beware).

For some stuff though, good alternatives exist. If I recall correctly,
libtomcrypt[0] has been audited (although how rigurously, I don't know.
It should be easier than OpenSSL at least). I haven't looked into
libtomcrypt much so I can't vouch for it, but I've heard good things.


Received on Sun Nov 03 2013 - 13:12:33 CET

This archive was generated by hypermail 2.3.0 : Sun Nov 03 2013 - 13:24:06 CET