-------- In message <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q at mail.gmail.com> , Ben Laurie writes:>OpenSSL includes (and is used for) lots of crypto that is not used in >SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be >used to replace all uses of OpenSSL.Which implicitly raises the question if we really need all the boatloads of crap OpenSSL drags in, or if we would be in a better position with something simpler and saner ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
On 27 October 2017 at 20:24, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:> -------- > In message <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q at mail.gmail.com> > , Ben Laurie writes: > >>OpenSSL includes (and is used for) lots of crypto that is not used in >>SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be >>used to replace all uses of OpenSSL. > > Which implicitly raises the question if we really need all the > boatloads of crap OpenSSL drags in, or if we would be in a better > position with something simpler and saner ?Indeed it does. Perhaps worth noting that since it was staffed, OpenSSL has removed a fair amount of crap, BTW. Anyway, to answer that question will presumably require someone to either try it, or figure out what is actually needed, crypto-wise.> > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk at FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence.
These days no one talks about how wonderful CPM was, we used it because at one time, it was the only OS available. So what is our excuse for using SSL?, because I'm fairly certain the NSA and just about everyone else in the neighborhood has hacked it. Question for the group...? Does anyone believe that factoring is actually hard.? It was once, I know.? But today? I'm not a crypto person, but even I wrote a simple factoring program.? In C, using MAPM.? I produce a few of the left-most bits for a,b, where: c = a*b; where a is:? 3 .. sqrt(c) and (of course,) b must be: greater than sqrt(c) from this I bisect the space of 3 .. sqrt(c) and begin the recursive descent.? The program does about 5,000 prime pairs an hour and this using MAPM!! I gave away the source code, let me know if you didn't get a copy.? You'll need g++ and MAPM On 10/27/2017 3:24 PM, Poul-Henning Kamp wrote:> --------IQjeDjYnGtJpS9Q at mail.gmail.com> > , Ben Laurie writes: > >> OpenSSL includes (and is used for) lots of crypto that is not used in >> SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be >> used to replace all uses of OpenSSL. > Which implicitly raises the question if we really need all the > boatloads of crap OpenSSL drags in, or if we would be in a better > position with something simpler and saner ? >