[cryptography] Just how bad is OpenSSL ?
John Case
case at SDF.ORG
Fri Oct 26 11:29:47 PDT 2012
I was recently reading the "most dangerous code in the world" article at
Stanford:
https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
and found the Hacker News discussion:
http://news.ycombinator.com/item?id=4695350
(interesting discussion and argument about curl library and how often it
is badly deployed)
And the Hacker News discussion led me to "OpenSSL is written by monkeys":
http://www.peereboom.us/assl/assl/html/openssl.html
So, given what is in the Stanford report and then reading this rant about
OpenSSL, I am wondering just how bad OpenSSL is? I've never had to
implement it or code with it, so I really have no idea.
How long has it been "understood" that it's a mess (if it is indeed a
mess)? How dangerous is it?
It looks like the rant was published in 2009...
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE