I was recently reading the "most dangerous code in the world" article at Stanford:

https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

and found the Hacker News discussion:

http://news.ycombinator.com/item?id=4695350

(interesting discussion and argument about the curl library and how often it is badly deployed)

And the Hacker News discussion led me to "OpenSSL is written by monkeys":

http://www.peereboom.us/assl/assl/html/openssl.html


So, given what is in the Stanford report and then reading this rant about OpenSSL, I am wondering just how bad OpenSSL is? I've never had to implement it or code with it, so I really have no idea.

How long has it been "understood" that it's a mess (if it is indeed a mess)? How dangerous is it?

It looks like the rant was published in 2009...
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
