Re: [boost] Cryptography for Boost.

On 25/02/2020 22:00, Mike wrote:

...

Gesendet: Montag, 24. Februar 2020 um 17:00 Uhr Von: "Kostas Savvidis via Boost"

...

On Feb 24, 2020, at 12:34, Mike via Boost wrote:

I can't speak for the boost community, but I guess another big question mark is probably long term support and response to security vulnerabilities.

+1 --- If it is not written by people with academic credentials in cryptography and does not come with an independent security audit from the same it should be a clear no go.

I have to wonder though: Did/does Openssl/libressl actually satisfy those criteria?

FWIW, when I need something outside of TLS, I usually reach for Crypto++ (https://www.cryptopp.com/ ). It has been formally FIPS validated in the past, but the latest version hasn't been re-validated (since that requires constant $$$). Overall though I agree with Vinnie -- Boost should in general not reimplement any algorithms; at most it should provide a unifying interface around existing proven libraries.