From: John Case
To: cypherpunks-legacy@lists.cpunks.org
Subject: [cryptography] Just how bad is OpenSSL ?
Date: Fri, 06 Jul 2018 02:35:46 +0000

I was recently reading "the most dangerous code in the world" article at Stanford:

https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

and found the Hacker News discussion:

http://news.ycombinator.com/item?id=4695350

(interesting discussion and argument about curl library and how often it is badly deployed)

And the Hacker News discussion led me to "OpenSSL is written by monkeys":

http://www.peereboom.us/assl/assl/html/openssl.html

So, given what is in the Stanford report and then reading this rant about OpenSSL, I am wondering just how bad OpenSSL is? I've never had to implement it or code with it, so I really have no idea.

How long has it been "understood" that it's a mess (if it is indeed a mess)? How dangerous is it?

It looks like the rant was published in 2009 ...

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org