Crypto algorithms are extremely difficult to make secure. (Even Bruce Schneier, creator of Blowfish, found that someone had cryptanalyzed it to be much less secure than he had thought.)

The biggest features that OpenSSL needs right now (and please note that these are my opinions, as I'm not a member of the OpenSSL development team) are TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) support. Secure renegotiation indication is already done. There are also the issues in rt (http://rt.openssl.org/) that require code changes that nobody's gotten around to yet.

There's also the need to ensure that the certificates that OpenSSL comes up with are compatible with X.509 and PKIX (they are *not* currently compatible with the latest version of PKIX, which is in RFC 5280; it's also not guaranteed that they're compatible with the prior version of PKIX, RFC 3280). The certificates and CSRs that OpenSSL comes up with *are* valid X.509 structures, but it's always a good idea to check the ASN.1 (ITU-T recommendations X.680, X.681, X.682, X.683, X.684, X.690, and possibly X.693 and X.694, as well as others) specs generally available for free from http://www.itu.int/itu-t/recommendations/index.aspx?ser=X , though there are some that are pay-for.

If you're looking for a challenge, try looking at the .conf file parsing and handling code.

The most important thing to realize is that security is not implemented by the cryptographic algorithms themselves, but rather what is done with them. Learn what can be (statistically) guaranteed by each algorithm, and then build on these algorithms to create protocols. Try to think in terms of what can be learned at each step of the protocol, and how each participant in the protocol can subvert it. The typical players are:

Alice, Bob, Carol, David: Entities 1 through 4
Eve: An Eavesdropper on the communications pathways
Mallory: A Malicious user with complete control over the network.
Trent: A Trusted third party, trusted for some task (such as identity verification or attribute access)

While you're at it, look for the "Handbook of Applied Cryptography". It's available online. It (along with "Applied Cryptography 2nd Ed", by the aforementioned Bruce Schneier) is one of the most important books on the art.

-Kyle H

On Fri, Jul 9, 2010 at 12:55 PM, Eric Dorman <edorma...@gmail.com> wrote:
Hello guys, :D I am wondering how I can contribute to the development of OpenSSL in maybe the Cryptography and in SSL. :D I am still a beginner in coding, but I'd love to help out with inventing some new features or algorithms. Does anyone know how I could start out helping on this project with developing maybe the Crypto Algorithms?