On 2013-11-03 11:07, FRIGN wrote:
> I could imagine a fork/rewrite based on OpenSSL's crypto-code, called
> "s3l" ("suckless ssl"), but see the implicated problems with it. You
> can't just rewrite software without having at least one real
> specialist to check the code. Looking at OpenSSL, it has undergone
> dozens of thorough checks by leading specialists in this area. This,
> however, doesn't change the fact it sucks.

Everything sucks to some degree. The costs of trying to un-suck OpenSSL at this point may be worse than just allowing it to suck, without expert assistance (and even then, beware).

For some stuff though, good alternatives exist. If I recall correctly, libtomcrypt[0] has been audited (although how rigorously, I don't know. It should be easier than OpenSSL at least). I haven't looked into libtomcrypt much so I can't vouch for it, but I've heard good things.

0: http://libtom.org/?page=features&newsitems=5&whatfile=crypt
