The cr.yp.to microblog: 2018.05.18 13:26:12

2018.05.18 13:26:12 (997438199227211776) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (997435638566850560):

libpqcrypto (https://libpqcrypto.org) includes a simple command-line interface designed to prevent common security failures: everything aims for CCA2, verification failures produce empty output in case errors are ignored, etc. But still needs consttime + tons of security review.

Context

2018.05.18 13:11:57 (997434611754983424) from "Orthanc (@Orthanc)", replying to "Matthew Green (@matthew_d_green)" (997434118207131649):

Does openssl count?

2018.05.18 13:12:53 (997434846652846081) from "Matthew Green (@matthew_d_green)", replying to "Orthanc (@Orthanc)" (997434611754983424):

The process of public key encrypting a file is pretty janky.

2018.05.18 13:14:16 (997435193903472641) from "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)", replying to "Matthew Green (@matthew_d_green)" (997434846652846081):

Is "janky" a technical criticism?

2018.05.18 13:16:02 (997435638566850560) from "Matthew Green (@matthew_d_green)", replying to "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)" (997435193903472641):

It’s a corollary of “sucky”. But seriously, OpenSSL public key encryption is bad.