On Fri, 28 Feb 2020 at 23:44, Rainer Deyke via Boost
On 28.02.20 20:34, degski via Boost wrote:
Oh, oh, oh, would you really consider not using OpenSSL?
OpenSSL is in fact a popular choice for category 2 cryptography, although the heartbleed debacle has made me somewhat hesitant to use it.
I was referring to this before, and in this case we are talking about the (most?) widely used foss-lib in this field (both C and C++), still you're hesitant to use it [I don't mean [at all] you're wrong, just that you're hesitant]. How hesitant do you think anyone, but you, would be towards anything implemented from scratch (even with a pedigree like Boost)? In OpenSSL, this known bug is now fixed, the relevance is negative, won't happen again, so you can stop hesitating. In the future Boost.Crypto, on the other hand, the only thing we'll have for a considerable period of time, is unknown unknowns (just like OpenSSL, but without the twenty-two years of debugging and wide-spread use!!!, under the assumption that Boost will do this twice as fast, we're talking 2032 to reach this state, or never, who knows?). Wrapping libsodium (or something functionally equivalent, I personally don't care, which one, after wrapping this has no real relevance I think), seems [to me] to be a good investment of dev-time, focussing on making things auto-magically work [auto-magically, correctly] C++/Boost-style, RAII, strong typing, etc, etc. degski -- @realdegski https://brave.com/google-gdpr-workaround/ "We value your privacy, click here!" Sod off! - degski "Anyone who believes that exponential growth can go on forever in a finite world is either a madman or an economist" - Kenneth E. Boulding "Growth for the sake of growth is the ideology of the cancer cell" - Edward P. Abbey