Adding standalone RSA code
Ryan Sommers
ryans at gamersimpact.com
Fri Dec 10 14:32:14 PST 2004
Mark Murray said:
> Colin Percival writes:
>> > Is size really a concern?
>>
>> No. The size is a side-effect of having a minimal, highly secure,
>> library, and was not a design consideration.
>
> "New" very often means "Insecure". I'd rather see something with lots
> of eyes over it, and OpenSSL has the advantage of having quite a few
> competent crypto guys grovel through it.
>
> I'm still inclined to say "Please stick with OpenSSL; it is the devil
> we know."
I have to say I'm with Mark and das@ (I believe it was). As good as
smaller and more efficeint sounds, when it comes to crypto libraries I'd
rather stick with OpenSSL. It's definately a lot more source code,
however, as stated above, it has quite a few more eyes on it as well.
With more people working on OpenSSL and auditing it I feel more
comfortable with a large developer-base familiar with the same code should
an issue crop up. What happens if during a lapse of ENOTIME for you a bug
comes up with the library and exposes a severe security flaw for an
application making use of it?
--
Ryan Sommers
ryans at gamersimpact.com
More information about the freebsd-arch
mailing list